Add ability to manage auto-discovery settings dynamically

[r0mant]

We will be adding auto-discovery support to our Teleport Discover resource adding UI, starting with RDS.

To support it, we need ability to manage auto-discovery settings (e.g. update cloud resource filters) dynamically.
Right now it's just a static configuration with discovery_service config file.

The approach we discussed with @marcoandredinis is to create a new resource e.g. DiscoveryConfig that supports same filters as discovery_service:

kind: DiscoveryConfig
version: v1
metadata:
  name: production-resources
spec:
  discovery_group: prod
  // AWS auto-discovery matchers
  aws:
    ...
  // Azure auto-discovery matchers
  azure:
    ...
  // GCP auto-discovery matchers
  gcp:
    ...
  // Kube auto-discovery matchers
  kube:
    ...

discovery_service

discovery_service:
  enabled: "yes"
  discovery_group: prod

A discovery_service will monitor DiscoveryConfig resources and will dynamically update its auto-discovery configuration based on the resources that match its discovery_group field.

A DiscoveryService must be running with a well known discovery_group (eg "default").
For Cloud customers, this will be automatic (managed by Teleport Cloud).

When enrolling an RDS database, during the Deploy Database Service step, users should be able to enable auto-discovery for the current resource type/region and a set of labels.
This will create the following DiscoveryConfig:

kind: DiscoveryConfig
metadata:
  name: <uuid>
spec:
  discovery_group: default
  aws:
  - types: ["rds"]
    region: ["<db-region>"]
    labels: ...
    integration: "<integration>"

The DiscoveryService will receive this new matcher and will monitor those resources.
However, instead of using the credentials provider chain, it will use the integration to authenticate in AWS APIs.

Tasks

Beta Give feedback

1. RFD 0125 - Dynamic Auto-Discovery config #26613
   discover rfd size/md +3
2. Move Cloud Matchers to proto #27162
   backport/branch/v13 database-access discovery size/sm +4
3. Move Discovery Matchers to their own files #32325
   backport/branch/v14 size/sm +2
4. DiscoveryConfig: add proto and gRPC methods #32035
   backport/branch/v14 discover size/md +3
5. DiscoveryConfig: add service and client #32328
   backport/branch/v14 discover size/lg +3
6. DiscoveryConfig: add service with rbac support #32371
   backport/branch/v14 discover size/lg +3
7. DiscoveryMatchers: move checkandset to types package #32857
   backport/branch/v14 database-access discover discovery size/lg +5
8. DiscoveryConfig: init service and add resource to tctl #32399
   backport/branch/v14 discover size/md tctl +4
9. DiscoveryConfig: WebAPI CRUD #32591
   backport/branch/v14 discover size/md +3
10. Dynamic Discovery Matchers for Databases #33472
    backport/branch/v14 database-access discover discovery size/lg +5
11. Dynamic Discovery Matchers for Servers #34221
    backport/branch/v14 discovery no-changelog size/md +4
12. Discovery Matchers: add integration field #34530
    backport/branch/v14 discover discovery no-changelog size/md +5
13. Discovery: Use Integration credentials for fetchers #34582
    backport/branch/v14 discovery no-changelog size/md +4
14. https://github.com/gravitational/cloud/pull/6317
15. AWS OIDC: DeployDatabaseService per VPC #35899
    backport/branch/v14 discover no-changelog size/lg +4
16. DiscoveryService: poll on DiscoveryConfig events #35820
    backport/branch/v14 discover discovery no-changelog size/sm +5
17. AWSOIDC: Fix Session generator based on AWS OIDC Token #35719
    aws backport/branch/v14 discover no-changelog size/sm +5
18. Add vpc-id label to RDS Auto-Discover converter #35775
    backport/branch/v14 database-access discover discovery size/sm +5
19. Add label to DatabaseService when deploying using AWS OIDC #35793
    backport/branch/v14 database-access discover no-changelog size/sm +5
20. AWS OIDC DeployDatabaseServices - implement AutoUpgrades #35972
    backport/branch/v14 backport/branch/v15 discover no-changelog size/md +5
21. AWS OIDC List EC2: only ignore windows instances #36561
    backport/branch/v14 backport/branch/v15 no-changelog size/sm +4
22. List EC2 Instance Connect Endpoints: query multiple VPCs #36558
    backport/branch/v14 backport/branch/v15 no-changelog size/sm +4
23. AWSOIDC Deploy EICE: allow multiple endpoints #36570
    backport/branch/v14 backport/branch/v15 no-changelog size/md +4
24. Add EKS auto discovery for dynamic integration based fetchers. #38204
    backport/branch/v15 discovery kubernetes-access no-changelog size/lg +5
25. Enroll Mode for EC2 AutoDiscovery types #40937
    backport/branch/v15 no-changelog size/sm +3
26. EC2 AutoDiscover Script mode with Integration Credentials #40959
    backport/branch/v15 discovery no-changelog size/md +4
27. https://github.com/gravitational/cloud/issues/6795
28. EC2 Auto-Discovery: EICE support #35504
    aws backport/branch/v15 discover discovery no-changelog size/md +6