WIP: Allow DelegatedIdentity API clients to subscribe by PID

[bleggett]

This is designed to provoke discussion around the DelegateIdentity API changes required for spiffe/spire#5019

This is following the "pass PIDs" approach settled on in the RFC doc: https://docs.google.com/document/d/1A1oQHuR6z3bvQtXN17r2EwBr5lazGGPbUPkxoURAAh4/edit

This assumes that the caller/client is ensuring that the PID is not recycled for the duration of the stream/call, using pidfd or similar.

Looking for the following feedbacks:

• Is this additional functionality a good fit for the DelegateIdentity API or should we add a new API? I think we should just extend DI.

• Do we object to supporting stream/subscriber based APIs? I think we should support them, even though the PID recycling protection requirement puts more onus on the client.

• Do we want to do this for both JWT and x509 SVIDs? I assume so, and added new calls for both of the ones that previously required selectors.

• Rather than make currently-required fields optional (selectors), I added parallel calls with new, parallel messages/fields. Do we want to do it like this, or do we want to use a single message/call and deprecate the old fields?