feat(state): core of reading/writing identities in state

[benhoyt]

This adds code and tests for the state core of identities (spec OP043).

There's a new map[string]*Identity in state, which is marshalled via marshalledIdentity to disk. The marshalling for API requests is done by the apiIdentity type -- these are separate to ensure that the API (default) MarshalJSON for Identity does not include secrets (in future when we have identity types that include secrets; there's only user-id for now). So that's why there's a few more types and a bit more boilerplate than is necessary right now.

The new public State methods are:

• AddIdentities: add new identities to the system
• UpdateIdentities: update existing identities in the system
• ReplaceIdentities: replace the given identities in the system; this allows adding new ones, updating existing ones, and removing identities (nil/null means remove)
• RemoveIdentities: remove existing identities in the system
• Identities: list all identities

Each of the FooIdentities modification functions validates that the identities are valid, and that the user-ids are unique, before applying to state.