refactor(extensions)!: refactor the extensions URLs and errors (#1636)

BREAKING CHANGE: The functionality provided by the mgmt endpoint has beed redesigned - see details below
BREAKING CHANGE: The API keys endpoint has been moved -  see details below
BREAKING CHANGE: The mgmt extension config has been removed - endpoint is now enabled by having both the search and the ui extensions enabled
BREAKING CHANGE: The API keys configuration has been moved from extensions to http>auth>apikey

mgmt and imagetrust extensions:
- separate the _zot/ext/mgmt into 3 separate endpoints: _zot/ext/auth, _zot/ext/notation, _zot/ext/cosign
- signature verification logic is in a separate `imagetrust` extension
- better hanling or errors in case of signature uploads: logging and error codes (more 400 and less 500 errors)
- add authz on signature uploads (and add a new middleware in common for this purpose)
- remove the mgmt extension configuration - it is now enabled if the UI and the search extensions are enabled

userprefs estension:
- userprefs are enabled if both search and ui extensions are enabled (as opposed to just search)

apikey extension is removed and logic moved into the api folder
- Move apikeys code out of pkg/extensions and into pkg/api
- Remove apikey configuration options from the extensions configuration and move it inside the http auth section
- remove the build label apikeys

other changes:
- move most of the logic adding handlers to the extensions endpoints out of routes.go and into the extensions files.
- add warnings in case the users are still using configurations with the obsolete settings for mgmt and api keys
- add a new function in the extension package which could be a single point of starting backgroud tasks for all extensions
- more clear methods for verifying specific extensions are enabled
- fix http methods paired with the UI handlers
- rebuild swagger docs

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>

pkg/api/authn.go

@@ -18,6 +18,7 @@ import (
 	"time"
 
 	"github.com/chartmuseum/auth"
+	guuid "github.com/gofrs/uuid"
 	"github.com/google/go-github/v52/github"
 	"github.com/google/uuid"
 	"github.com/gorilla/mux"
@@ -353,7 +354,7 @@ func (amw *AuthnMiddleware) TryAuthnHandlers(ctlr *Controller) mux.MiddlewareFun
 				return
 			}
 
-			isMgmtRequested := request.RequestURI == constants.FullMgmtPrefix
+			isMgmtRequested := request.RequestURI == constants.FullMgmt
 			allowAnonymous := ctlr.Config.HTTP.AccessControl.AnonymousPolicyExists()
 
 			// try basic auth if authorization header is given
@@ -443,7 +444,7 @@ func bearerAuthHandler(ctlr *Controller) mux.MiddlewareFunc {
 			name := vars["name"]
 
 			// we want to bypass auth for mgmt route
-			isMgmtRequested := request.RequestURI == constants.FullMgmtPrefix
+			isMgmtRequested := request.RequestURI == constants.FullMgmt
 
 			header := request.Header.Get("Authorization")
 
@@ -849,3 +850,25 @@ func GetAuthUserFromRequestSession(cookieStore sessions.Store, request *http.Req
 
 	return identity, true
 }
+
+func GenerateAPIKey(uuidGenerator guuid.Generator, log log.Logger,
+) (string, string, error) {
+	apiKeyBase, err := uuidGenerator.NewV4()
+	if err != nil {
+		log.Error().Err(err).Msg("unable to generate uuid for api key base")
+
+		return "", "", err
+	}
+
+	apiKey := strings.ReplaceAll(apiKeyBase.String(), "-", "")
+
+	// will be used for identifying a specific api key
+	apiKeyID, err := uuidGenerator.NewV4()
+	if err != nil {
+		log.Error().Err(err).Msg("unable to generate uuid for api key id")
+
+		return "", "", err
+	}
+
+	return apiKey, apiKeyID.String(), err
+}