Introduce support for OIDC workload identity federation (#3711)

* feat(oidc): introduce support for OIDC workload identity federation

Signed-off-by: Matheus Pimenta <matheuscscp@gmail.com>

* feat(oidc): add e2e test for bearer OIDC and a kind cluster

Signed-off-by: Matheus Pimenta <matheuscscp@gmail.com>

* feat(oidc): make OIDC workload identity federation its own feature

Signed-off-by: Matheus Pimenta <matheuscscp@gmail.com>

* feat(oidc): move errors to the errors package

Signed-off-by: Matheus Pimenta <matheuscscp@gmail.com>

* feat(oidc): fix race in cel package

Signed-off-by: Matheus Pimenta <matheuscscp@gmail.com>

* feat(oidc): compile cel expressions

Signed-off-by: Matheus Pimenta <matheuscscp@gmail.com>

---------

Signed-off-by: Matheus Pimenta <matheuscscp@gmail.com>
Matheus Pimenta
2026-01-25 05:03:53 +00:00
committed by GitHub
parent ba3436c57e
commit bf619c570e
25 changed files with 5151 additions and 52 deletions
+16 -8
@@ -90,7 +90,8 @@ func TestConfigReloader(t *testing.T) {
So(string(initialData), ShouldContainSubstring, "configuration settings")
// verify authentication methods status messages are present in initial startup
verifyAuthenticationLogs(initialData, map[string]bool{
"bearer authentication": false,
"jwt bearer authentication": false,
"oidc bearer authentication": false,
"basic authentication (htpasswd)": true,
"basic authentication (LDAP)": false,
"basic authentication (API key)": false,
@@ -162,7 +163,8 @@ func TestConfigReloader(t *testing.T) {
So(string(data), ShouldContainSubstring, "\"Actions\":[\"read\",\"create\",\"update\",\"delete\"]")
// verify authentication methods status messages are present
verifyAuthenticationLogs(data, map[string]bool{
"bearer authentication": false,
"jwt bearer authentication": false,
"oidc bearer authentication": false,
"basic authentication (htpasswd)": true,
"basic authentication (LDAP)": false,
"basic authentication (API key)": false,
@@ -223,7 +225,8 @@ func TestConfigReloader(t *testing.T) {
So(string(initialData), ShouldContainSubstring, "configuration settings")
// verify authentication methods status messages are present in initial startup
verifyAuthenticationLogs(initialData, map[string]bool{
"bearer authentication": false,
"jwt bearer authentication": false,
"oidc bearer authentication": false,
"basic authentication (htpasswd)": false,
"basic authentication (LDAP)": false,
"basic authentication (API key)": false,
@@ -287,7 +290,8 @@ func TestConfigReloader(t *testing.T) {
So(string(data), ShouldNotContainSubstring, "\"Dedupe\":false")
// verify authentication methods status messages are present
verifyAuthenticationLogs(data, map[string]bool{
"bearer authentication": false,
"jwt bearer authentication": false,
"oidc bearer authentication": false,
"basic authentication (htpasswd)": false,
"basic authentication (LDAP)": false,
"basic authentication (API key)": false,
@@ -359,7 +363,8 @@ func TestConfigReloader(t *testing.T) {
So(string(initialData), ShouldContainSubstring, "configuration settings")
// verify authentication methods status messages are present in initial startup
verifyAuthenticationLogs(initialData, map[string]bool{
"bearer authentication": false,
"jwt bearer authentication": false,
"oidc bearer authentication": false,
"basic authentication (htpasswd)": false,
"basic authentication (LDAP)": false,
"basic authentication (API key)": false,
@@ -435,7 +440,8 @@ func TestConfigReloader(t *testing.T) {
So(string(data), ShouldContainSubstring, "\"Semver\":false")
// verify authentication methods status messages are present
verifyAuthenticationLogs(data, map[string]bool{
"bearer authentication": false,
"jwt bearer authentication": false,
"oidc bearer authentication": false,
"basic authentication (htpasswd)": false,
"basic authentication (LDAP)": false,
"basic authentication (API key)": false,
@@ -500,7 +506,8 @@ func TestConfigReloader(t *testing.T) {
So(string(initialData), ShouldContainSubstring, "configuration settings")
// verify authentication methods status messages are present in initial startup
verifyAuthenticationLogs(initialData, map[string]bool{
"bearer authentication": false,
"jwt bearer authentication": false,
"oidc bearer authentication": false,
"basic authentication (htpasswd)": false,
"basic authentication (LDAP)": false,
"basic authentication (API key)": false,
@@ -566,7 +573,8 @@ func TestConfigReloader(t *testing.T) {
So(string(data), ShouldContainSubstring, "\"DBRepository\":\"another/unreachable/trivy/url2\"")
// verify authentication methods status messages are present
verifyAuthenticationLogs(data, map[string]bool{
"bearer authentication": false,
"jwt bearer authentication": false,
"oidc bearer authentication": false,
"basic authentication (htpasswd)": false,
"basic authentication (LDAP)": false,
"basic authentication (API key)": false,
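Review bot: Every one of the eight `verifyAuthenticationLogs` calls in this section expects `"oidc bearer authentication": false` (and `"jwt bearer authentication": false`), so nothing visible here checks that a reload which turns OIDC federation on or off is reported correctly in the status log. If the e2e tests added elsewhere in this commit do not cover that transition, one reload case that enables OIDC and asserts `"oidc bearer authentication": true` would catch an authentication method that is configured but silently left inactive after reload. Separately, the same map literal is now hand-maintained in eight places; a small helper such as `func expectedAuthLogs(htpasswd bool) map[string]bool` would keep the key set in one place, so a future auth method cannot be missed in one of the copies. TestConfigReloader begins and ends outside these hunks, so existing coverage may already address the first point.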