refactor(auth): split authorization from authentication in BaseAuthMa…

[rjgoyln]

Summary

This PR implements the decoupling of Authentication (AuthN) and Authorization (AuthZ) by introducing a ComposableAuthManager. This allows users to mix and match different providers.

Changes

Core Logic

• Introduced ComposableAuthManager: A new manager that delegates authentication and authorization tasks to two independent sub-managers.
• Automatic Split Detection: Updated app.py and configuration.py to determine the manager type at startup:
  • If both core.authn_manager and core.authz_manager are configured, the system initializes ComposableAuthManager.
  • If neither is set, the system falls back to the legacy core.auth_manager.
  • If only one of the two is configured, the system raises an AirflowConfigException to prevent inconsistent states.

Configuration & Integration

• Config Template: Added authn_manager and authz_manager keys to core section in config.yml.
• Validation: Implemented checks to ensure both managers are subclasses of BaseAuthManager.
• Consistency Guard: Added logic to prevent initialization if the two managers return conflicting DB managers, ensuring database integrity.

Testing & Quality

• Unit Tests: Added comprehensive tests in test_app.py covering:
  • Fallback logic for legacy configurations.
  • Successful initialization of ComposableAuthManager with split settings.
  • Error handling for partial configurations.

• related: Split out Authorization from Authentication #65089
  -->

---

Was generative AI tooling used to co-author this PR?

• Yes (please specify the tool below)

---

• Read the Pull Request Guidelines for more information. Note: commit author/co-author name and email in commits become permanently public when merged.
• For fundamental code changes, an Airflow Improvement Proposal (AIP) is needed.
• When adding dependency, check compliance with the ASF 3rd Party License Policy.
• For significant user-facing changes create newsfragment: {pr_number}.significant.rst, in airflow-core/newsfragments. You can add this file in a follow-up commit after the PR is created so you know the PR number.