[Flight][Java] Add optional session headers

[asfimport]

• Add a client middleware which receives and re-uses a session token from the server.
• Add a server middleware which, when encountering a request with no session header, creates a session on the backend, generates a token for it, and sends the token to the client in a header. The client can re-use this as indicated above.
• If the client has a session header, re-use the same session from the backend (report an error if an invalid session was used).

Reporter: Tiffany Lam / @tifflhl

_{Note: This issue was originally created as ARROW-10427. Please see the migration documentation for further details.}

[asfimport]

David Li / @lidavidm:
One thing to note is that we'd have to take care that the client can't modify the session. I also wonder if there's libraries we can take advantage of for this, like itsdangerous in Python. (We may want to consider a flight-contrib module at that point, though.)