[auth]: add authentication

[legomushroom]

0. Adds the required Bearer auth strategy service API to the endpoints.
1. Adds the AAD JWT verification logic.
2. Adds the Cascade JWT verification logic.
3. Moves the extension to use the @vs/vscode-account module for authentication to share the access tokens with Live Share.

Still waits on:

0. Live Share change and release to reuse the auth strategies used by Live Share.

[arjunattam]

looks awesome! would we want auth on the websocket?

also, couple of very minor things

• the dump.rdb file got committed (backed up from running Redis-server)
• can we remove package-lock.json (using yarn)?

[legomushroom]

@arjun27 @lostintangent added the Cascade token validation, now the user will be able to use any (ms/gh) account thru live share. Also addressed some feedback please take a look.

Re the WS auth, what are we using the WS for at the moment?

[arjunattam]

Re the WS auth, what are we using the WS for at the moment?

We're using the websocket transport that comes with cowboy (webserver for elixir) – cowboy is also listening for http. We could de-prioritize gating on websocket, at least till we implement private communities (#45)

Code for websocket, on the service, in case you want to review: https://github.com/vsls-contrib/communities/blob/master/service/lib/communities/websocket.ex

[legomushroom]

@arjun27 ya, but what scenarios we are using the WS for?

[arjunattam]

what scenarios we are using the WS for?

The websocket delivers real-time updates for: changes to the communities the user is a member of (member added/removed, founder changed), and new requests and messages in these communities

[legomushroom]

@arjun27 I see, thanks. Sounds like we do want to restrict those also. Maybe not in this PR though.