Backport of openapi: Fix logic for labeling unauthenticated/sudo paths into release/1.13.x

[hc-github-team-secure-vault-core]

Backport

This PR is auto-generated from #19600 to be assessed for backporting due to the inclusion of the label backport/1.13.x.

The below text is copied from the body of the original PR.

---

The previous logic for matching unauthenticated & sudo paths in OpenAPI did not take into account the + wildcard, so some of the PKI paths were skipped.

With new logic, these are the new unauthenticated paths introduced for builtin plugins:

❱ diff unauth_before unauth_after2
27a28,30
> "/identity/oidc/provider/{name}/.well-known/keys"
> "/identity/oidc/provider/{name}/.well-known/openid-configuration"
> "/identity/oidc/provider/{name}/token"
57a61,69
> "/{pki_mount_path}/issuer/{issuer_ref}/crl"
> "/{pki_mount_path}/issuer/{issuer_ref}/crl/delta"
> "/{pki_mount_path}/issuer/{issuer_ref}/crl/delta/der"
> "/{pki_mount_path}/issuer/{issuer_ref}/crl/delta/pem"
> "/{pki_mount_path}/issuer/{issuer_ref}/crl/der"
> "/{pki_mount_path}/issuer/{issuer_ref}/crl/pem"
> "/{pki_mount_path}/issuer/{issuer_ref}/der"
> "/{pki_mount_path}/issuer/{issuer_ref}/json"
> "/{pki_mount_path}/issuer/{issuer_ref}/pem"

The list of "sudo" paths is unaffected by this PR for builtin plugins.

Resolves: #19581, VAULT-14576

---

Overview of commits

• 09d58d1