Add new schema fields to configure Pomerium

[alessiodionisi]

Changes

• Changed pomerium-policy.yaml template to configure default routes based on furyctl.yaml modules.
• Added routes field to allow custom routes, replaces the old policy string field.
• Added defaultRoutesPolicy field to allow the customization of the policy field of the default routes, defaults to the current settings.
• Added SIGNING_KEY to Pomerium secrets.
• Removed duplicated schema code by creating a shared json imported in all schema kinds.
• Added usersRoleAttributePath and basicAuthIngress Grafana setting.

Example

spec:
  distribution:
    modules:
      monitoring:
        grafana:
          usersRoleAttributePath: contains(groups[*], 'product') && 'Admin' || contains(groups[*], 'engineering') && 'Editor' || 'Viewer'
          basicAuthIngress: false
      auth:
        pomerium:
          secrets:
            COOKIE_SECRET: xxxx
            IDP_CLIENT_SECRET: xxxx
            SHARED_SECRET: xxxx
            SIGNING_KEY: xxxx
          defaultRoutesPolicy:
            grafana:
              - allow:
                and:
                  - authenticated_user: true
            prometheus:
              - allow:
                and:
                  - authenticated_user: true
            alertmanager:
              - allow:
                and:
                  - authenticated_user: true
          routes:
            - from: https://some-url.ext
              to: http://service.namespace.svc.cluster.local

[alessiodionisi]

Rebased