RBAC with multiple roles and chains-friendly

[umputun]

Converted RBAC middleware to a more traditional signature and added support of matching against multiple roles.

The reason for this change - in any modern framework supporting middleware chains (i.e. route.With(middleware, middleware2, ....) the old signature expecting handler as a part of the call is not smth usual and not easy to use. In addition, in practical use cases, one route (or group of routes) often allowed for multiple roles.

Another thing included in this PR - old test with ClaimUpdater counted on token's refresh and didn't work in normal circumstances. I'm not really sure how it even passed Actions CI, probably due to incorrect (different) clock on action workers. Replaced by pre-generated token and simplified test's code.

@kleash pls take a look. This change won't be backward compatible but I think it will be the right thing to do.

[github-actions]

Pull Request Test Coverage Report for Build 211706299

• 0 of 0 changed or added relevant lines in 0 files are covered.
• No unchanged relevant lines lost coverage.
• Overall coverage remained the same at 94.5%

---

Totals
Change from base Build 210642862:	0.0%
Covered Lines:	189
Relevant Lines:	200

---

💛 - Coveralls

[kleash]

Looks good, I was going to open PR for multiple roles, but this covers everything well.