feat: implement Delegated Authentication Service

[paullatzelsperger]

What this PR changes/adds

Implements the DelegatedAuthenticationService that takes a bearer token and validates it against a public key resolved from a JWKS url.

Why it does that

Delegating auth and related tasks (rotation, revocation,...) away from the connector

Further notes

• Currently, only JWKS are supported (no PEM endpoints). let's see how far we get. We can always add that functionality to the JwksPublicKeyResolver
• NotBeforeValidationRule and ExpirationIssuedAtValidationRule have received an optional allowNull argument, because nbf and exp are not mandatory claims in general (they might be in certain OAuth2 flows)
• the TokenBasedAuthenticationService is only registered, if no other service is registered for the "management-api" context. That way, it yields the way to other implementations.

Linked Issue(s)

Closes #4261

Please be sure to take a look at the contributing guidelines and our etiquette for pull requests.

[github-actions]

Test Results

   856 files  + 3     856 suites  +3   20m 4s ⏱️ -18s
13 669 tests +24  13 666 ✅ +24  3 💤 ±0  0 ❌ ±0 
14 020 runs  +24  14 017 ✅ +24  3 💤 ±0  0 ❌ ±0 

Results for commit d17abb5. ± Comparison against base commit bacdf5a.

This pull request removes 158 and adds 182 tests. Note that renamed tests count towards both.

org.eclipse.edc.connector.controlplane.callback.staticendpoint.CallbackStaticEndpointExtensionTest ‑ [1] {edc.cb.callback.events=test, edc.callback.cb.transactional=false}
org.eclipse.edc.connector.controlplane.callback.staticendpoint.CallbackStaticEndpointExtensionTest ‑ [2] {edc.callback.cb.transactional=false, edc.callback.cb.uri=url}
org.eclipse.edc.connector.controlplane.callback.staticendpoint.CallbackStaticEndpointExtensionTest ‑ [3] {edc.callback.cb.uri=url, edc.callback.cb.auth-key=test, edc.callback.cb.events=test, edc.callback.cb.transactional=false}
org.eclipse.edc.connector.controlplane.contract.negotiation.ConsumerContractNegotiationManagerImplTest ‑ [10] ACCEPTING, TERMINATED, java.util.concurrent.CompletableFuture@485c84d7[Completed normally], org.eclipse.edc.connector.controlplane.contract.negotiation.ConsumerContractNegotiationManagerImplTest$DispatchFailureArguments$$Lambda$641/0x00007f4678359020@1224e1b6
org.eclipse.edc.connector.controlplane.contract.negotiation.ConsumerContractNegotiationManagerImplTest ‑ [11] VERIFYING, TERMINATED, java.util.concurrent.CompletableFuture@aa0dbca[Completed normally], org.eclipse.edc.connector.controlplane.contract.negotiation.ConsumerContractNegotiationManagerImplTest$DispatchFailureArguments$$Lambda$642/0x00007f4678359280@794cb26b
org.eclipse.edc.connector.controlplane.contract.negotiation.ConsumerContractNegotiationManagerImplTest ‑ [12] TERMINATING, TERMINATED, java.util.concurrent.CompletableFuture@401ec794[Completed normally], org.eclipse.edc.connector.controlplane.contract.negotiation.ConsumerContractNegotiationManagerImplTest$DispatchFailureArguments$$Lambda$643/0x00007f46783594e0@d76099a
org.eclipse.edc.connector.controlplane.contract.negotiation.ConsumerContractNegotiationManagerImplTest ‑ [1] REQUESTING, REQUESTING, java.util.concurrent.CompletableFuture@3e2d8623[Completed exceptionally: org.eclipse.edc.spi.EdcException: error], org.eclipse.edc.connector.controlplane.contract.negotiation.ConsumerContractNegotiationManagerImplTest$DispatchFailureArguments$$Lambda$632/0x00007f4678351c38@72715e61
org.eclipse.edc.connector.controlplane.contract.negotiation.ConsumerContractNegotiationManagerImplTest ‑ [2] ACCEPTING, ACCEPTING, java.util.concurrent.CompletableFuture@3d8d52be[Completed exceptionally: org.eclipse.edc.spi.EdcException: error], org.eclipse.edc.connector.controlplane.contract.negotiation.ConsumerContractNegotiationManagerImplTest$DispatchFailureArguments$$Lambda$633/0x00007f4678350800@645ba24a
org.eclipse.edc.connector.controlplane.contract.negotiation.ConsumerContractNegotiationManagerImplTest ‑ [3] VERIFYING, VERIFYING, java.util.concurrent.CompletableFuture@5cbe95b1[Completed exceptionally: org.eclipse.edc.spi.EdcException: error], org.eclipse.edc.connector.controlplane.contract.negotiation.ConsumerContractNegotiationManagerImplTest$DispatchFailureArguments$$Lambda$634/0x00007f4678350a60@28fa541
org.eclipse.edc.connector.controlplane.contract.negotiation.ConsumerContractNegotiationManagerImplTest ‑ [4] TERMINATING, TERMINATING, java.util.concurrent.CompletableFuture@2c2a903f[Completed exceptionally: org.eclipse.edc.spi.EdcException: error], org.eclipse.edc.connector.controlplane.contract.negotiation.ConsumerContractNegotiationManagerImplTest$DispatchFailureArguments$$Lambda$635/0x00007f4678350cc0@7d537616
…

org.eclipse.edc.api.auth.ApiAuthenticationRegistryImplTest ‑ hasService()
org.eclipse.edc.api.auth.delegated.DelegatedAuthenticationExtensionTest ‑ initialize(DelegatedAuthenticationExtension, ServiceExtensionContext)
org.eclipse.edc.api.auth.delegated.DelegatedAuthenticationExtensionTest ‑ initialize_noUrlGiven_shouldNotRegister(DelegatedAuthenticationExtension, ServiceExtensionContext)
org.eclipse.edc.api.auth.delegated.DelegatedAuthenticationServiceTest ‑ isAuthenticated_emptyHeaders()
org.eclipse.edc.api.auth.delegated.DelegatedAuthenticationServiceTest ‑ isAuthenticated_multipleAuthHeaders_shouldReject()
org.eclipse.edc.api.auth.delegated.DelegatedAuthenticationServiceTest ‑ isAuthenticated_noAuthHeader()
org.eclipse.edc.api.auth.delegated.DelegatedAuthenticationServiceTest ‑ isAuthenticated_noHeaders()
org.eclipse.edc.api.auth.delegated.DelegatedAuthenticationServiceTest ‑ isAuthenticated_notBearer()
org.eclipse.edc.api.auth.delegated.DelegatedAuthenticationServiceTest ‑ isAuthenticated_valid()
org.eclipse.edc.api.auth.delegated.DelegatedAuthenticationServiceTest ‑ isAuthenticated_withXapiKey()
…

♻️ This comment has been updated with latest results.

[paullatzelsperger]

FYI @lgblaumeiser. can't request your review, but feel free to take a look.