feat: integrate openID auth logic and user profile management (#1381)

This change introduces OpenID authn by using providers such as Github,
Gitlab, Google and Dex.
User sessions are now used for web clients to identify
and persist an authenticated users session, thus not requiring every request to
use credentials.
Another change is apikey feature, users can create/revoke their api keys and use them
to authenticate when using cli clients such as skopeo.

eg:
login:
/auth/login?provider=github
/auth/login?provider=gitlab
and so on

logout:
/auth/logout

redirectURL:
/auth/callback/github
/auth/callback/gitlab
and so on

If network policy doesn't allow inbound connections, this callback wont work!

for more info read documentation added in this commit.

Signed-off-by: Alex Stan <alexandrustan96@yahoo.ro>
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
Co-authored-by: Alex Stan <alexandrustan96@yahoo.ro>

pkg/api/config/config.go

@@ -45,6 +45,7 @@ type AuthConfig struct {
 	HTPasswd  AuthHTPasswd
 	LDAP      *LDAPConfig
 	Bearer    *BearerConfig
+	OpenID    *OpenIDConfig
 }
 
 type BearerConfig struct {
@@ -53,6 +54,18 @@ type BearerConfig struct {
 	Cert    string
 }
 
+type OpenIDConfig struct {
+	Providers map[string]OpenIDProviderConfig
+}
+
+type OpenIDProviderConfig struct {
+	ClientID     string
+	ClientSecret string
+	KeyPath      string
+	Issuer       string
+	Scopes       []string
+}
+
 type MethodRatelimitConfig struct {
 	Method string
 	Rate   int
@@ -63,6 +76,7 @@ type RatelimitConfig struct {
 	Methods []MethodRatelimitConfig `mapstructure:",omitempty"`
 }
 
+//nolint:maligned
 type HTTPConfig struct {
 	Address       string
 	Port          string