stackabletech / trino-operator

[Tracking] OPA integration 2.0 #443

Open sbernauer opened 1 year ago

sbernauer commented 1 year ago

Context: We want to move from our - honestly early stage - authorizer to the one Bloomberg built. It has a much nicer API and allows batching multiple requests as well.

Long-term we want to have our own custom CRDs, e.g. TableGrant, SchemaGrant, CatalogGrant, which trino-operator consumes and automatically translates into OPA rego rules similar to this, as it's rather complicated to write your own rego rules.

Upstream PR at Trino: ~https://github.com/trinodb/trino/pull/17940~ - replaced by https://github.com/trinodb/trino/pull/19532.

Row level filtering and data masking PR: https://github.com/bloomberg/trino/pull/16

Current state: https://github.com/sbernauer/trino/tree/add-open-policy-agent (mainline) (especially the rego rules, https://github.com/sbernauer/trino/tree/add-open-policy-agent (squashed for easier backporting) and https://github.com/sbernauer/trino/tree/414-with-opa (for 414-with-trino))

### Tasks
- [ ] https://github.com/stackabletech/docker-images/pull/410
- [ ] https://github.com/stackabletech/trino-operator/pull/444
- [ ] Add a note to our opa operator readme to say that it is going to be deprecated in favor of upstream
- [ ] Update the Authorization docs page: https://docs.stackable.tech/home/stable/trino/usage-guide/security#_authorization

maltesander commented 9 months ago

https://github.com/stackabletech/trino-operator/pull/491 uses the upstream OPA authorizer for 428 (still self-built and not in the original Trino image).