
feat(tokens): offline validation #6085

Merged

Conversation

jakubdyszkiewicz (Contributor)

Introduce offline token validation for all types of tokens in the system.
It lets the user provide the public key as a config file and use other systems (including kumactl) to generate tokens without maintaining the connection to kuma cp.

Changes:

  • A lot of new configuration fields, as specified in the MADR
  • dpserver#auth is deprecated. useTokenPath is renamed.
  • Autoconfigure new fields from the old fields if old fields are set to smooth the migration process.
  • Issuers can be disabled (enabled by default)
  • Validating tokens using Secrets can be disabled (enabled by default)
  • Token Validators take a list of KeyAccessors and they are executed in the order. That means that static public keys take precedence if they are defined.
  • Issuers can be disabled by passing implementations that always return an error.

This also comes with an interesting feature that now you can have separate DP tokens signing keys for every zone if you want.

Fix #4031

Checklist prior to review

  • Link to relevant issue as well as docs and UI issues --
  • This will not break child repos: it doesn't hardcode values (e.g. "kumahq" as an image registry) and it will work on Windows; system specific functions like syscall.Mkfifo have an equivalent implementation on the other OS --
  • Tests (Unit test, E2E tests, manual test on universal and k8s) --
  • Do you need to update UPGRADE.md? --
  • Does it need to be backported according to the backporting policy? -- no
  • Do you need to explicitly set a > Changelog: entry here or add a ci/ label to run fewer/more tests?

Signed-off-by: Jakub Dyszkiewicz <jakub.dyszkiewicz@gmail.com>
@jakubdyszkiewicz jakubdyszkiewicz requested review from a team, Automaat and lukidzi and removed request for a team February 22, 2023 11:27
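As an added illustration (not code from this PR or from the Kuma project), here is a hypothetical Go model of the design the description lays out: a validator takes an ordered list of key accessors, static public keys loaded from a config file sit ahead of keys read from control-plane Secrets, so the static key wins for a key id both know, and an issuer is disabled by an implementation that always returns an error. The token format (base64url payload and Ed25519 signature joined by a dot), the `KeyAccessor`, `KeySet`, `Validator` and `Issuer` names, and the sample keys are all constructed for this example and do not match Kuma's real token format or API.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// Claims is the signed payload of the toy token; "kid" selects the verification key.
type Claims struct {
	KeyID string `json:"kid"`
	Name  string `json:"name"`
}

// KeyAccessor resolves the public key for a key id (hypothetical interface);
// ok == false means "not known here" and the Validator moves on to the next one.
type KeyAccessor interface {
	GetPublicKey(kid string) (key ed25519.PublicKey, ok bool)
}

// KeySet is a map-backed KeyAccessor. One stands for keys from the config file (offline
// path), one for keys from control-plane Secrets; omit the latter to disable that path.
type KeySet map[string]ed25519.PublicKey

func (s KeySet) GetPublicKey(kid string) (ed25519.PublicKey, bool) {
	k, ok := s[kid]
	return k, ok
}

// Validator tries its accessors in order: the first one that knows the kid is
// authoritative, so a static key shadows a Secret-stored key with the same id.
type Validator []KeyAccessor

func (v Validator) Validate(token string) (*Claims, error) {
	p, s, found := strings.Cut(token, ".")
	payload, perr := base64.RawURLEncoding.DecodeString(p)
	sig, serr := base64.RawURLEncoding.DecodeString(s)
	var c Claims
	if !found || perr != nil || serr != nil || json.Unmarshal(payload, &c) != nil {
		return nil, errors.New("malformed token")
	}
	for _, a := range v {
		pub, ok := a.GetPublicKey(c.KeyID)
		if !ok {
			continue // unknown here, try the next accessor
		}
		if !ed25519.Verify(pub, payload, sig) {
			return nil, fmt.Errorf("invalid signature for kid %q", c.KeyID)
		}
		return &c, nil
	}
	return nil, fmt.Errorf("no verification key for kid %q", c.KeyID)
}

// Issuer produces a signed token. NewKeyIssuer is what an offline tool could run with
// no control-plane connection; DisabledIssuer always errors, which switches issuing off.
type Issuer func(c Claims) (string, error)

func DisabledIssuer(Claims) (string, error) { return "", errors.New("token issuing is disabled") }

func NewKeyIssuer(kid string, priv ed25519.PrivateKey) Issuer {
	return func(c Claims) (string, error) {
		c.KeyID = kid
		payload, _ := json.Marshal(c) // only string fields, cannot fail
		sig := ed25519.Sign(priv, payload)
		return base64.RawURLEncoding.EncodeToString(payload) + "." +
			base64.RawURLEncoding.EncodeToString(sig), nil
	}
}

// RunScenario builds a [static, Secrets] chain from constructed keys; nil means accepted.
func RunScenario() map[string]error {
	staticPub, staticPriv, _ := ed25519.GenerateKey(rand.Reader)
	secretPub, secretPriv, _ := ed25519.GenerateKey(rand.Reader)
	z2Pub, z2Priv, _ := ed25519.GenerateKey(rand.Reader)
	v := Validator{
		KeySet{"zone-1": staticPub},                  // loaded from the config file
		KeySet{"zone-1": secretPub, "zone-2": z2Pub}, // read from Secrets
	}
	check := func(issue Issuer) error {
		tok, err := issue(Claims{Name: "dp"})
		if err != nil {
			return err
		}
		_, err = v.Validate(tok)
		return err
	}
	return map[string]error{
		"static":   check(NewKeyIssuer("zone-1", staticPriv)), // accepted
		"shadowed": check(NewKeyIssuer("zone-1", secretPriv)), // rejected: the static key wins for zone-1
		"fallback": check(NewKeyIssuer("zone-2", z2Priv)),     // accepted through the Secrets KeySet
		"disabled": check(DisabledIssuer),                     // rejected: issuer returns an error
	}
}

func main() { fmt.Println(RunScenario()) }
```

The "shadowed" case is the one worth noticing: because the static key for `zone-1` is consulted first and is authoritative, a token signed with the Secrets-stored key for the same id is rejected rather than falling through, which is what "static public keys take precedence" means in practice. Using a different key id per zone, as the "fallback" case does, is how separate signing keys per zone fit into the same chain.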

@lahabana lahabana left a comment


Sweet!

Review comment on UPGRADE.md (resolved)
Review comment on pkg/core/bootstrap/autoconfig.go (resolved)

@lukidzi lukidzi left a comment


LGTM 🎉

Signed-off-by: Jakub Dyszkiewicz <jakub.dyszkiewicz@gmail.com>
…-validation

Signed-off-by: Jakub Dyszkiewicz <jakub.dyszkiewicz@gmail.com>
@jakubdyszkiewicz jakubdyszkiewicz enabled auto-merge (squash) February 27, 2023 10:15
@jakubdyszkiewicz jakubdyszkiewicz merged commit e856a4f into kumahq:master Feb 27, 2023
Closes issue: Offline signing of tokens