
Add signature validation for the AthenzDomain Custom Resource #57

Open
mdhume opened this issue Mar 20, 2021 · 0 comments
Labels
feature Feature Request HackTogether For Yahoo Hack Together event

Comments

mdhume (Contributor) commented Mar 20, 2021

Please describe the problem that you are trying to solve
When the Athenz-Istio-Auth controller receives an add or update event for the AthenzDomain custom resource (created by the Athenz Syncer), it should verify the signature of the domain to verify integrity of the data.

Describe the solution you'd like
When the Athenz-Istio-Auth controller receives an add or update event for the AthenzDomain, it should extract the JWS Domain object from the status field of the AthenzDomain CR and verify the signature of the JWS Domain object before processing the domain in the sync function. A sample JWS domain object is shown below.

```json
{
  "payload": "Zm9vYmFyCg==.....",
  "header": {
    "keyid": "zms.key.3.0"
  },
  "signature": "YmFyZm9vCg==...",
  "protected": "YmFyCg==..."
}
```

As can be seen above, the object consists of the payload, signature, keyid, and the protected fields. Before we can cast the payload into a domain object, we must verify the payload using the keyid specified. The steps are shown below.

  1. Use the Athenz ZMS client GetPublicKeyEntry function to fetch the keyid specified.
  2. Use the zmssvctoken ybase64 DecodeString functionality to decode the key response.
  3. Use a JWS library to verify the payload against the signature field using the public key fetched from ZMS.
@mdhume mdhume added HackTogether For Yahoo Hack Together event feature Feature Request labels Mar 20, 2021