This is the final bit of logic implementing server-to-server authentication, namely validation of the domain name provided as part of the request against the certificate checked at the point of SSL termination.
Interesting details/other changes:
* Pass X-SSL-Subject header to GRPC handler
* Implement domain verification from certificate
* Make local integration tests work with coredns
* Add originDomain configuration option for tests
  This is used to set the originDomain field in federated requests within
  federator integration tests. It cannot be set to a fixed canned value
  like "example.com", because federators make SRV requests to perform
  server-to-server authentication, so the domain must be something whose
  DNS server contains an appropriate SRV record, and so it needs to be set
  differently according to whether the test is running in the local "demo"
  environment (where we have a tiny DNS server for "example.com"), or in
  the CI integration setup, where we can rely on kubernetes DNS server for
  the federation ingress host.
* Rename IInvalidDomain to IAuthenticationFailed
* Federator/Makefile: Provide pattern to integration tests correctly
Co-authored-by: Akshay Mankar <akshay@wire.com>
Co-authored-by: jschaul <jschaul@users.noreply.github.com>