indigo-iam / wlcg-jwt-compliance-tests

Prototype WLCG TPC testsuite using JWT authN/Z

Add more path authorization enforced tests #40

Closed federicaagostini closed 1 year ago

federicaagostini commented 1 year ago

This PR was requested during a DOMA BDT meeting, following the discussion in issue https://github.com/WLCG-AuthZ-WG/common-jwt-profile/issues/21.

Here more path-authorization-enforced tests are added, in particular:

  1. storage.read:/foobar allows reading from the /foobar directory
  2. storage.read:/foo does not allow reading from the /foobar directory
  3. Create directory allowed with storage.create scope
  4. Create directory not allowed with storage.create scope and partial path
  5. storage.read scope with path not compliant with RFC3986 is rejected.
    In this case we check that a GET HTTP request returns a forbidden status on the existing resource /wlcg-jwt-compliance/<uuid>/foobar with a bearer token that has a storage.read:/foobar scope
  6. Trailing slash allows reading from a directory. This test is excluded from the CI (i.e. it is not present in the summary email report) since I guess it is still under discussion. What we're testing is that a storage.read:/foobar/ scope allows reading from an existing /foobar directory, while storage.read:/foo/ and storage.read:/foobar forbid reading from that directory (obviously this test will never succeed if test 1 above passes as well).

Tests number 2 and 4 are the ones that break the full compliance of XRootD and StoRM WebDAV sites, thus they have been tagged as not-critical (while the remaining ones are critical). In this way one can filter the test report by tag to check the result directly.

The summary test report of this PR is available here.
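The enforcement behaviour that tests 1 to 5 exercise (a scope path grants the resource at that path and its descendants, matched on whole path segments, with non-RFC 3986 scope paths rejected) can be written as a small authorization check. This is an added example, not code from the testsuite or from any storage implementation; it assumes scope paths are relative to the storage area's base path, assumes a minimal GET/MKCOL to scope-name mapping, and deliberately ignores trailing slashes on scope paths, which is the point left open in test 6.

```python
"""Path-scoped authorization for WLCG storage.* scopes (added example)."""
import posixpath
import re

# Assumption: minimal mapping for the operations the tests exercise.
REQUIRED_SCOPE = {"GET": "storage.read", "MKCOL": "storage.create"}

# RFC 3986 path-absolute: one or more "/" segments made of pchar characters.
_PCHAR = r"(?:[A-Za-z0-9\-._~!$&'()*+,;=:@]|%[0-9A-Fa-f]{2})"
_PATH_RE = re.compile(rf"^(?:/{_PCHAR}*)+$")


def _canonical(path: str) -> str:
    """Collapse '.', '..', repeated and trailing slashes; keep one leading '/'."""
    return posixpath.normpath("/" + path.lstrip("/"))


def parse_scope(scope: str):
    """Split 'storage.read:/foo' into ('storage.read', '/foo').

    No path means the whole storage area. A path that is not an RFC 3986
    path-absolute yields None, so such a scope never grants anything.
    """
    name, sep, path = scope.partition(":")
    if not sep:
        return name, "/"
    if not _PATH_RE.match(path):
        return None
    return name, _canonical(path)


def scope_covers(scope_path: str, resource: str) -> bool:
    """True if resource equals scope_path or lies beneath it by whole segments."""
    if scope_path == "/":
        return True
    # startswith on 'scope_path/' is what keeps /foo from matching /foobar.
    return resource == scope_path or resource.startswith(scope_path + "/")


def is_authorized(method: str, url_path: str, scopes: str, base: str = "/") -> bool:
    """Decide whether the token's space-separated scopes permit method on url_path."""
    needed = REQUIRED_SCOPE.get(method)
    if needed is None:
        return False  # unknown operation: deny by default
    base, target = _canonical(base), _canonical(url_path)
    if base != "/":  # request must be inside the storage area; strip its base
        if not scope_covers(base, target):
            return False
        target = target[len(base):] or "/"
    return any(
        p and p[0] == needed and scope_covers(p[1], target)
        for p in map(parse_scope, scopes.split())
    )
```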