OIDC/OAuth2 authentication support

[mrtamm]

At the moment, Funnel supports only Basic authentication (which is optional to configure).

1. Add support for the API being protected as an OAuth2.0 resource server:
   • (is able to consume a Bearer access token in addition to Basic)
2. Perform OAuth 2.0 Token Introspection (RFC: https://www.rfc-editor.org/rfc/rfc7662.html)
   • location = "GET issuer well-known endpoint"["introspection_endpoint"]
   • uses the client_id and client_secret that will be generated when service is registered into the AAI (so should be provided e.g. as ENV var or configuration option)
3. To validate response, check at least following claims match:
   • the token is active (has not expired)
   • the token was issued by the configured OIDC service
   • audience: array contains funnel_id or the audience string equals funnel_id
     • funnel_id might be e.g. URL of the API, or the client_id (from config/param)
   • scope: contains "tes_api" value
4. The command-line client needs to support providing the Bearer token.

[mrtamm]

Please review the associated pull-request: #3

[mrtamm]

Regarding the issue description, here is a sample configuration snippet to support it:

Server:
  OidcAuth:
    ServiceConfigUrl: "https://login.elixir-czech.org/oidc/.well-known/openid-configuration"
    ClientId: your-client-id
    ClientSecret: your-client-secret
    RequireScope: "tes_api ga4gh_passport_v1"
    RequireAudience: your-funnel-id

[mrtamm]

Development successfully merged to the master branch.