New cross model macaroon authenticator component #7708

Merged
merged 1 commit into from Aug 8, 2017

Owner

wallyworld commented Aug 7, 2017

Description of change

A new authentication component is added which will be used to create and discharge macaroons required to access cross model offers. This PR introduces the component - the following PR wires it up.
The authenticator is responsible for minting macaroons used to access offers and relations to those offers, as well as validating those macaroons, and creating discharge macaroons upon validating that a user has access to an offer.

A chunk of this PR is a bit of refactoring of the common cross model Backend interfaces so that related facades can use the common infrastructure when things are wired up next PR.

Macaroons are given an expiry time of 2 minutes, which should be sufficient to set up a cross model relation before the macaroon needs to be discharged again.

We also add relation-key to the offer connection details record in state - this will also be used next PR. The remote relation worker also uses a macaroon slice to hold onto working copies of the macaroons used.

As a drive by, no longer apt install socat during cloud-init as we no longer use it.

QA steps

None in this PR - QA is done in the next PR when everything is wired up.
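The mint-and-validate flow with a short expiry that the description above outlines, as an added example that is not part of this PR or of Juju's code. It uses only the Go standard library rather than the macaroon-bakery API; `sign`, `Mint`, `Check`, the caveat strings and all sample values are assumptions made for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
	"strings"
	"time"
)

var ErrSig, ErrExpired, ErrCaveat = fmt.Errorf("bad signature"), fmt.Errorf("expired"), fmt.Errorf("caveat not met")

// sign chains HMAC-SHA256 over the id and then each caveat, so no caveat can be dropped or edited.
func sign(key []byte, id string, caveats []string) []byte {
	for _, part := range append([]string{id}, caveats...) {
		h := hmac.New(sha256.New, key)
		h.Write([]byte(part))
		key = h.Sum(nil)
	}
	return key
}

// Mint returns the caveats and signature of an offer macaroon that expires ttl after now.
func Mint(root []byte, id, offer string, now time.Time, ttl time.Duration) ([]string, []byte) {
	cavs := []string{"declared offer-url " + offer, "time-before " + now.Add(ttl).Format(time.RFC3339)}
	return cavs, sign(root, id, cavs)
}

// Check verifies the signature first, then requires every caveat to hold for this request.
func Check(root []byte, id string, cavs []string, sig []byte, offer string, now time.Time) error {
	if !hmac.Equal(sign(root, id, cavs), sig) {
		return ErrSig
	}
	for _, c := range cavs {
		if strings.HasPrefix(c, "time-before ") {
			exp, err := time.Parse(time.RFC3339, strings.TrimPrefix(c, "time-before "))
			if err != nil || !now.Before(exp) {
				return ErrExpired
			}
		} else if c != "declared offer-url "+offer {
			return ErrCaveat
		}
	}
	return nil
}

func main() { // constructed key, id and offer name; the check runs 3 minutes after minting
	cavs, sig := Mint([]byte("sample-key"), "id-1", "admin/default.mysql", time.Unix(0, 0), 2*time.Minute)
	fmt.Println(Check([]byte("sample-key"), "id-1", cavs, sig, "admin/default.mysql", time.Unix(180, 0)))
}
```

Passing the current time in as a parameter is what lets the expiry path be exercised without waiting two minutes.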

axw approved these changes Aug 8, 2017

apiserver/common/crossmodel/auth.go
+ return ctxt, nil
+}
+
+// AuthContextForClock creates a new authentication context
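Review bot: the doc comment starting `// AuthContextForClock creates a new authentication context` should say whether the method returns a copy or modifies the receiver, since "creates a new" implies a copy and callers that share a context depend on which it is. Because the PR gives macaroons a time-limited lifetime, the comment should also say who is expected to supply a non-default clock.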

axw Aug 8, 2017

Member

do you really need the AuthContext in the method names? maybe just "WithClock" and "WithDischargeURL"?

+ return nil, errors.Trace(err)
+ }
+
+ offerMacaroon, err := bakery.NewMacaroon("", nil,
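Review bot: in `bakery.NewMacaroon("", nil,` the empty id and the nil second argument are bare literals with no explanation. A one-line comment above the call saying what each default selects would show that the values are deliberate rather than placeholders.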

axw Aug 8, 2017

Member

return bakery.NewMacaroon(... ?

apiserver/common/crossmodel/auth.go
+ }
+ relation := declared[relationKey]
+ attrs, err := a.bakery.CheckAny([]macaroon.Slice{mac}, requiredValues, checkers.TimeBefore)
+ if err != nil {
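Review bot: `relation := declared[relationKey]` is a single-value lookup, so if `declared` is a map, a macaroon with no relation declaration yields the zero value rather than an error. Unless the block closing just above already rejects that case, use the two-value form (`relation, ok := declared[relationKey]`) and fail when `ok` is false before calling `a.bakery.CheckAny`.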

axw Aug 8, 2017

Member

invert this to err == nil and return early

Owner

wallyworld commented Aug 8, 2017

$$merge$$

Contributor

jujubot commented Aug 8, 2017

Status: merge request accepted. Url: http://juju-ci.vapour.ws:8080/job/github-merge-juju

@jujubot jujubot merged commit 51fc1ac into juju:develop Aug 8, 2017

1 check passed

continuous-integration/jenkins/pr-merge This commit looks good