feat: add BasicAuth Support to Atlantis ServeHTTP

[fblgit]

This PR:

1. Introduces the following flags:
   --web-basic-auth=bool (false by default) to enable/disable basic-auth on the webserver
   --web-username=string (atlantis by default) to set the webserver username
   --web-password=string (atlantis by default) to set the webserver password

2. BasicAuth feature over middleware HTTP server of Atlantis

• The URLPath /events is filtered out of the basic-auth requirement, as this element can be protected already by webhook secrets.
• The rest of the routes (lock, unlock, etc), if enabled, will request a basic-auth header in order to access the webserver.

Probably RequestLogger should be relabeled to something else that now identifies both the authentication, serving, and logging scenario for HTTP requests.

Motivation:
Despite being able to apply different mechanisms with a layer in front of Atlantis, like ingress, I believe that is reasonable the capacity of scope the access to the HTTP server directly within Atlantis.

[fblgit]

hey @nishkrishnan can u please give a hand and review this PR please ?

[xavipanda]

@chenrui333 there is any missing thing for this PR to go in ?

[acastle]

LGTM 🚀

[chenrui333]

LGTM, nice addition

[wendtek]

If putting Atlantis somewhere that requires healthchecks for availability, this now makes the /healthz endpoint require auth as well.

[wendtek]

I made a PR to address the issues this causes for using /healthz here: #1896
I'm not sure how others feel about leaving the healthcheck endpoint unprotected, but it is a fairly standard practice in many other authenticated web services.

[jamengual]

@fblgit the section https://www.runatlantis.io/docs/server-configuration.html was not updated with the new flags, could you please create another pr to add the new flags in that doc?

thanks.