canonical / identity-platform-admin-ui

Admin UI for the Canonical identity broker and identity provider solution

IAM 885 OAuth2 client and resource server integration #314

Closed BarcoMasile closed 3 months ago

BarcoMasile commented 3 months ago

Description

This PR introduces the OAuth2/OIDC client integration for the Admin Service. It also introduces an authentication middleware for the OAuth2 Resource Server integration. Right now the middleware only checks for a valid access token in the Authorization bearer token. This lays the groundwork for the implementation of the spec ID036. The client integration makes assumptions on how the Hydra OAuth2 client should be configured; a readme will be added in a new PR to put this information on "paper". Through the newly introduced env variables the authentication middleware and handler are disabled by default, in order not to break current deployments with an "improperly configured" (according to the new changes) Hydra client. Right now the login endpoint /api/v0/login also returns a JSON with three tokens (access, id and refresh tokens). This is temporary, since the implementation of the ID36 spec needs a redirect at the end of the login process.

NB

Only one unit test is missing from the tests: the happy path for the Userinfo-based token verifier. This is due to the impossibility of mocking the used struct (from the 3rd-party library, see issue), and also because the lines of code to test are minimal, so I consider it ok for now.
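An added example, not code from this PR or from the identity-platform-admin-ui project, showing the shape the description above implies: a resource-server middleware that extracts the bearer token from the Authorization header, hands it to a userinfo-based verifier, and is a pass-through when the enable flag is off (the PR's default). It uses only the Go standard library (the project itself relies on go-oidc and x/oauth2, which this sketch stands in for); the TokenVerifier interface, the UserinfoVerifier type, the fake userinfo server and the token values are assumptions constructed for the example.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// ErrInvalidToken is returned when the userinfo endpoint rejects the token.
var ErrInvalidToken = errors.New("invalid or inactive access token")

// TokenVerifier abstracts how a bearer token is checked (assumed interface,
// not the project's own).
type TokenVerifier interface {
	Verify(ctx context.Context, token string) error
}

// UserinfoVerifier treats an access token as valid when the OIDC userinfo
// endpoint answers 200 to a request that presents it. Hypothetical type.
type UserinfoVerifier struct {
	UserinfoURL string
	Client      *http.Client
}

func (v UserinfoVerifier) Verify(ctx context.Context, token string) error {
	req, err := http.NewRequestWithContext(ctx, http.MethodGet, v.UserinfoURL, nil)
	if err != nil {
		return err
	}
	req.Header.Set("Authorization", "Bearer "+token)
	resp, err := v.Client.Do(req)
	if err != nil {
		return err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return ErrInvalidToken
	}
	return nil
}

// BearerToken extracts the credential from "Authorization: Bearer <token>".
// The scheme name is matched case-insensitively (RFC 7235); an empty
// credential counts as absent.
func BearerToken(r *http.Request) (string, bool) {
	const prefix = "bearer "
	h := r.Header.Get("Authorization")
	if len(h) <= len(prefix) || !strings.EqualFold(h[:len(prefix)], prefix) {
		return "", false
	}
	token := strings.TrimSpace(h[len(prefix):])
	return token, token != ""
}

// AuthMiddleware rejects requests without a valid bearer token with 401 and
// a WWW-Authenticate challenge. With enabled=false it does nothing, mirroring
// the "off by default" behaviour the PR description mentions.
func AuthMiddleware(enabled bool, v TokenVerifier, next http.Handler) http.Handler {
	if !enabled {
		return next
	}
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		token, ok := BearerToken(r)
		if !ok {
			w.Header().Set("WWW-Authenticate", `Bearer realm="admin"`)
			http.Error(w, "missing bearer token", http.StatusUnauthorized)
			return
		}
		if err := v.Verify(r.Context(), token); err != nil {
			w.Header().Set("WWW-Authenticate", `Bearer error="invalid_token"`)
			http.Error(w, "invalid token", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// FakeUserinfoServer is a constructed stand-in for the provider's userinfo
// endpoint that accepts exactly one token, so the example runs offline.
func FakeUserinfoServer(validToken string) *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Header.Get("Authorization") != "Bearer "+validToken {
			w.WriteHeader(http.StatusUnauthorized)
			return
		}
		w.Header().Set("Content-Type", "application/json")
		w.Write([]byte(`{"sub":"constructed-user"}`)) // constructed claim
	}))
}

// Demo wires middleware, verifier and a trivial protected handler together
// and returns the HTTP status the protected route yields for authHeader.
func Demo(enabled bool, authHeader string) int {
	srv := FakeUserinfoServer("good-token") // constructed token value
	defer srv.Close()
	verifier := UserinfoVerifier{UserinfoURL: srv.URL + "/userinfo", Client: srv.Client()}
	protected := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.WriteHeader(http.StatusOK)
	})
	req := httptest.NewRequest(http.MethodGet, "/api/v0/identities", nil)
	if authHeader != "" {
		req.Header.Set("Authorization", authHeader)
	}
	rec := httptest.NewRecorder()
	AuthMiddleware(enabled, verifier, protected).ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	fmt.Println(Demo(true, "Bearer good-token")) // 200
	fmt.Println(Demo(true, "Bearer wrong"))      // 401
	fmt.Println(Demo(true, ""))                  // 401
	fmt.Println(Demo(false, ""))                 // 200: middleware disabled
}
```

The verifier is deliberately an interface so the userinfo round-trip can be swapped for a local JWT signature check without touching the middleware; the disabled path returns the original handler untouched rather than a wrapper that skips checks, which keeps the "off" state easy to audit in configuration.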

BarcoMasile commented 3 months ago

> Perhaps we should consider using https://github.com/coreos/go-oidc, it is a wrapper around the oauth2 std lib (the one that we use). Jimm went with this one and I think it would be nice if we could have a consistent stack.

> TBH I don't love either of those implementations

We are using exactly that library (see go.mod), which provides only the OIDC layer on top of the OAuth2 "layer" provided by a 3rd party library.

nsklikas commented 3 months ago

> We are using exactly that library (see go.mod), which provides only the OIDC layer on top of the OAuth2 "layer" provided by a 3rd party library.

You are right, I am blind. I was confused because a lot of the methods/objects come from the std lib.