refactor!: Made the usage of if clauses in authentication & authorization, and error pipelines consistent

[dadrus]

Related issue(s)

closes #1783

Checklist

• I agree to follow this project's Code of Conduct.
• I have read, and I am following this repository's Contributing Guidelines.
• I have read the Security Policy.
• I have referenced an issue describing the bug/feature request.
• I have added tests that prove the correctness of my implementation.
• I have updated the documentation.

Description

As mentioned in #1783, the authentication and authorization pipeline supports the use of an if clause at each pipeline step, while the error pipeline does not; instead, the if clause is part of the error_handler definition.

This PR addresses that inconsistency, introducing a breaking change. Now, none of the mechanisms in the mechanism catalogue support the if clause within their own configurations. The if clause is now exclusively used in the definition of a step within a pipeline. For error handlers, this means you must specify the condition under which a particular error handler should be executed in the error pipeline. If no condition is defined, the particular error handler will always execute, and the error pipeline will terminate.

The following configuration snippets highlight the changes in detail.

Before this PR

# heimdall config file

mechanisms:
  # ... configuration of other mechanisms
  error_handlers:
    - id: redirect
      type: redirect
      # if clause is part of the definition
      if: type(Error) == authentication_error 
      config:
        to: http://foo.bar?origin={{ .Request.URL | urlenc }}

default_rule:
  execute:
    - authenticator: anonymous_authenticator
    - authorizer: deny_all_requests
  on_error:
    # error handler step just referencing the mechanism from the catalogue
    - error_handler: redirect 

After this PR

# heimdall config file

mechanisms:
  # ... configuration of other mechanisms
  error_handlers:
    - id: redirect
      type: redirect
      config:
        to: http://foo.bar?origin={{ .Request.URL | urlenc }}

default_rule:
  execute:
    - authenticator: anonymous_authenticator
    - authorizer: deny_all_requests
  on_error:
    - error_handler: redirect 
      # if clause is part of the pipeline step
      if: type(Error) == authentication_error 

The examples above highlight the differences by making use of an error pipeline of a default rule. Same applies to the regular rules.

[codecov]

Codecov Report

Attention: Patch coverage is 96.33028% with 4 lines in your changes missing coverage. Please review.

Project coverage is 89.72%. Comparing base (4ffa9e4) to head (c240707).
Report is 2 commits behind head on main.

Files with missing lines	Patch %	Lines
internal/rules/default_execution_condition.go	0.00%	3 Missing ⚠️
internal/rules/cel_execution_condition.go	87.50%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1784      +/-   ##
==========================================
- Coverage   89.79%   89.72%   -0.08%     
==========================================
  Files         270      270              
  Lines        9039     9012      -27     
==========================================
- Hits         8117     8086      -31     
- Misses        682      685       +3     
- Partials      240      241       +1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.