Support multiple users in the UI

[timbru]

The UI login relies on the global 'admin' token.

This means that there is no way to differentiate between users:

• they share credentials
• they have the same full access
• it is not clear from audit logs who did what

Work-around could be to enable some form of basic authentication on the proxy.

But, in time this should be improved. Ideas. and operational requirements are welcome!

We will probably need to support multiple users, with their own passwords, and the ability to restrict access to specific CAs in krill (if more than one exists) based on the user. Preferably though without re-inventing the wheel. Maybe we can / should work with public openid providers? Like, use your github / google / $something account to login?

[aistiszen]

We've had good success combining Hydra (https://www.ory.sh/hydra/docs) for token management and Keto (https://www.ory.sh/keto) for ACLs/policy control.