support using an identity-aware proxy for auth

[memory]

Rather than directly fetching and verifying OAuth assertions, assume that the app is running behind an authenticating proxy, and trust headers that are set by the proxy.

• add config support for an "authbackend" directive, supporting either "oauth" or "proxy" as values; the "proxy" setting selects our new codepath
• add initProxyAuth and proxyAuthMiddleware methods to the Handler struct
• rename authMiddleWare to oAuthMiddleware in the Handler struct
• construct a faked auth.JWTClaims object when in proxy mode
• update Handler.handleAuthCheck() to return useful info in proxy mode
• add a fallback user icon for proxy mode
• implement check for proxy mode in index.js

See for example and reference:

https://cloud.google.com/iap/docs/identity-howto https://cloud.google.com/beyondcorp/

[coveralls]

Pull Request Test Coverage Report for Build 351

• 21 of 83 (25.3%) changed or added relevant lines in 2 files are covered.
• 1 unchanged line in 1 file lost coverage.
• Overall coverage decreased (-1.4%) to 36.545%

---

Changes Missing Coverage	Covered Lines	Changed/Added Lines	%
handlers/handlers.go	8	17	47.06%
handlers/auth.go	13	66	19.7%
<!--	Total:	21	83	25.3%	-->

Files with Coverage Reduction	New Missed Lines	%
handlers/handlers.go	1	73.68%
<!--	Total:	1		-->

Totals
Change from base Build 349:	-1.4%
Covered Lines:	421
Relevant Lines:	1152

---

💛 - Coveralls

[mxschmitt]

Great! 👍