@jajeffries
Contributor

This pull request refactors the fleet configuration manager to support extracting connection parameters and agent identity from JWT claims, rather than relying on legacy fields. It introduces a new parseJWTClaims function to robustly parse and validate JWT claims, updates MQTT authentication logic, and revises heartbeat message structure for improved schema compliance. Tests are updated to reflect these changes and ensure correctness.

JWT Claims Extraction and Usage

  • Added a new parseJWTClaims function to extract orb:org_id, orb:zone, client_id, orb:agent_id, and orb:mqtt_url from JWT tokens, replacing legacy claim usage and improving robustness. (agent/configmgr/fleet.go)
  • Updated topic generation and MQTT connection logic to use values from parsed JWT claims, ensuring correct agent identification and connection parameters. (agent/configmgr/fleet.go)

MQTT Connection and Authentication

  • Changed MQTT authentication to use a username format of zone:client_id and password as the JWT token, with improved error handling for missing URLs. (agent/configmgr/fleet.go)
  • Refactored the connection method signature to accept context, client ID, and zone, removing legacy shims. (agent/configmgr/fleet.go)

Heartbeat Message Structure

  • Updated heartbeat messages to use SchemaVersion, TimeStamp, and State fields, removing legacy AgentID and Version fields. (agent/configmgr/fleet.go)
  • Revised all related tests to validate the new heartbeat schema and ensure correct message content. (agent/configmgr/fleet_test.go)

Testing and Validation

  • Updated tests to reflect new JWT claim names and topic generation logic, ensuring that integration and unit tests match the refactored claim extraction and topic templates. (agent/configmgr/fleet_test.go)
  • Improved test coverage for connection error handling and authentication changes. (agent/configmgr/fleet_test.go)

Token Request Scope

  • Changed OAuth token request scopes to orb.mqtt:agent and orb.mqtt:group, and added the audience parameter for improved compatibility with backend authentication. (agent/configmgr/fleet.go)
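
The claim extraction and MQTT credential format described in this pull request, as an added Go example that is not the project's code. The function names, the map return type and the sample token are assumptions, and signature verification is assumed to happen at the broker rather than in the agent.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// Claim names from the PR description, and a constructed sample payload.
var required = []string{"orb:org_id", "orb:zone", "client_id", "orb:agent_id", "orb:mqtt_url"}
const sample = `{"exp":1,"orb:org_id":"o1","orb:zone":"z1","client_id":"c1","orb:agent_id":"a1","orb:mqtt_url":"tls://mqtt.example.test:8883"}`

// parseClaims checks required claims only; signature verification is assumed to be the broker's job.
func parseClaims(token string) (map[string]any, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, fmt.Errorf("expected 3 JWT segments, got %d", len(parts))
	}
	payload, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return nil, fmt.Errorf("decode payload: %w", err)
	}
	var raw map[string]any
	if err := json.Unmarshal(payload, &raw); err != nil {
		return nil, fmt.Errorf("unmarshal claims: %w", err)
	}
	for _, name := range required {
		if s, _ := raw[name].(string); s == "" {
			return nil, fmt.Errorf("missing or non-string claim %q", name)
		}
	}
	return raw, nil
}

// mqttCredentials returns username zone:client_id, the JWT as password, and the broker URL.
func mqttCredentials(token string) (user, pass, url string, err error) {
	c, err := parseClaims(token)
	if err != nil {
		return "", "", "", err
	}
	return fmt.Sprintf("%s:%s", c["orb:zone"], c["client_id"]), token, c["orb:mqtt_url"].(string), nil
}

// makeToken wraps a payload in a constructed token: empty header, placeholder signature.
func makeToken(payload string) string {
	return "e30." + base64.RawURLEncoding.EncodeToString([]byte(payload)) + ".placeholder"
}
func main() { fmt.Println(parseClaims(makeToken(sample))) }
```

A token without orb:mqtt_url fails in parseClaims before any connection attempt, which is the missing-URL error path the description mentions.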

@github-actions

github-actions bot commented Sep 24, 2025

Go test coverage

STATUS ELAPSED PACKAGE COVER PASS FAIL SKIP
🟢 PASS 0.23s github.com/netboxlabs/orb-agent/agent 0.0% 0 0 0
🟢 PASS 0.23s github.com/netboxlabs/orb-agent/agent/backend 0.0% 0 0 0
🟢 PASS 5.03s github.com/netboxlabs/orb-agent/agent/backend/devicediscovery 76.0% 3 0 0
🟢 PASS 0.00s github.com/netboxlabs/orb-agent/agent/backend/mocks 0.0% 0 0 0
🟢 PASS 5.03s github.com/netboxlabs/orb-agent/agent/backend/networkdiscovery 75.8% 3 0 0
🟢 PASS 4.02s github.com/netboxlabs/orb-agent/agent/backend/otel 76.4% 2 0 0
🟢 PASS 3.02s github.com/netboxlabs/orb-agent/agent/backend/pktvisor 65.6% 2 0 0
🟢 PASS 5.03s github.com/netboxlabs/orb-agent/agent/backend/snmpdiscovery 75.8% 3 0 0
🟢 PASS 5.02s github.com/netboxlabs/orb-agent/agent/backend/worker 76.0% 3 0 0
🟢 PASS 1.01s github.com/netboxlabs/orb-agent/agent/config 100.0% 6 0 0
🟢 PASS 34.49s github.com/netboxlabs/orb-agent/agent/configmgr 60.6% 56 0 0
🟢 PASS 1.01s github.com/netboxlabs/orb-agent/agent/policies 100.0% 15 0 0
🟢 PASS 1.03s github.com/netboxlabs/orb-agent/agent/policymgr 70.3% 10 0 0
🟢 PASS 26.61s github.com/netboxlabs/orb-agent/agent/secretsmgr 45.7% 45 0 0
🟢 PASS 1.01s github.com/netboxlabs/orb-agent/agent/version 100.0% 1 0 0

Total coverage: 60.1%

@jajeffries jajeffries merged commit 2eebc4e into fleet_manager Sep 25, 2025
2 checks passed
@jajeffries jajeffries deleted the fix/OBS-1400-zones-and-scopes branch September 25, 2025 11:59