KafkaSinkCluster: authorize_scram_over_mtls

[rukai]

closes https://github.com/shotover/shotover-proxy/issues/1600

Possibly useful resources:

• SCRAM RFC
• SCRAM implementation for python kafka driver

This PR introduces a new optional config to KafkaSinkCluster:

            authorize_scram_over_mtls:
              mtls_port_contact_points: ["172.16.1.2:9094"]
              tls:
                certificate_authority_path: "tests/test-configs/kafka/tls/certs/localhost_CA.crt"
                certificate_path: "tests/test-configs/kafka/tls/certs/localhost.crt"
                private_key_path: "tests/test-configs/kafka/tls/certs/localhost.key"
                verify_hostname: true

The documentation added in docs/src/transforms.md explains what this feature does and why we want it, so please refer to it.

In terms of implementation decisions:

I looked into two crates to provide the SCRAM implementation

• rsasl crate
  • CI is broken
  • supports SCRAM, but no obvious way to use just SCRAM
• sasl crate
  • very easy to use just the SCRAM parts we need.
  • Maintained within the XMPP repo
    • negative: sasl crate may be tailored more towards the needs of XMPP
    • positive: the XMPP maintainers are available to maintain the sasl crate.

In conclusion the sasl crate looked like a clear winner, so I went with it.

I've left the hardcoded 4 second delay in, it will be addressed along with caching delegation tokens in a follow up PR: https://github.com/shotover/shotover-proxy/issues/1618