refactor: enhancements of HTTP client session.

[youngsofun]

I hereby agree to the terms of the CLA available at: https://docs.databend.com/dev/policies/cla/

Summary

1. session auth by JWT not use session token. use header to pass client session id.
   2. . add need_refresh in session state, client do refresh only when it is true, client session id is written to meta only when there are temp tables (1. on /session/refresh 2. num of temp table changed from 0 to 1).
2. add endpoint /auth/verify for gateway, instead of using select 1
3. add need_sticky in session state, set to true if in txn or there are temp tables, server return error if it is true but server changed/restarted.
4. rename renew -> refresh, to be consistent with term refresh_token and for JWT session, no token is newed
5. extract HttpErrorCode to make it easier to return the right status code.
6. adjust, extract and rename TTLs, add TTL_GRACE_PERIOD_QUERY, to cover latencies and time skews.
7. check user or client_session_id of HTTPQuery to protect the query result.
8. page handler no longer to get user from meta.

Tests

• [ ] Unit Test
• [x] Logic Test
• [ ] Benchmark Test
• [ ] No Test - Explain why

Type of change

• [ ] Bug Fix (non-breaking change which fixes an issue)
• [ ] New Feature (non-breaking change which adds functionality)
• [ ] Breaking Change (fix or feature that could cause existing functionality not to work as expected)
• [ ] Documentation Update
• [x] Refactoring
• [ ] Performance Improvement
• [ ] Other (please describe):

---

This change is 

[what-the-diff[bot]]

PR Summary

• Introduction of new constants and revamped token handling

  • A new constant HEADER_SESSION_ID has been added which streamlines session identification in requests.
  • Token expiration durations are no longer hardcoded but come from a new constants file improving maintainability.
  • Token encoding and decoding now includes token type, providing better granularity in processing different token types.

• Modified TokenType and Credential structures

  • The implementation of the TokenType class has been enhanced to support conversions from numeric values to token types and to support pretty-printing.
  • DatabendToken variant in the Credential structure has been revised to exclude token_type and set_user, and a new need_refresh method has been introduced benefitting session refresh handling.

• Updates to Authentication and Session Management

  • Authentication logic has been overhauled to return a tuple containing the username and session ID, simplifying credential validation.
  • Better session management and tracking was done by adding new fields and methods to HttpQueryManager and HttpQueryContext.
  • A new method, refresh_in_memory_states, has been added for session state updates which boosts session usage tracking.

• Improved Error and Response Handling

  • The introduction of HttpErrorCode allows for enhanced error handling across different modules.
  • Response handling has been improved with updated functions in HttpQueryManager, ensuring better session state management.

• New Handlers for Verification and Refresh

  • Two new handlers have been introduced - a verify handler that responds to verification requests, and a refresh handler that replaces the old renew handler.
  • These handlers ensure efficient and accurate handling of verification and session refresh requests.

• Changes in Test Suite

  • Test cases have been updated to reflect changes in the authentication process, token handling, and error handling.
  • A new function for token verification has been introduced and test results have been updated to reflect the new functionality and changes in response formats.