Caching option for all evaluators of all phases #247

Merged: 2 commits, Apr 8, 2022

guicassolato (Collaborator) commented Apr 7, 2022

Rolls out the same idea of #239 to all phases, i.e. any resulting object once evaluated by any evaluator can now be cached, and the cached value reused automatically by Authorino whenever the user-defined cache key for that particular evaluator repeats, until the cache entry expires.

Effectively, this change enables, e.g.:

  • Caching of pre-validated access tokens (particularly useful in the case of OAuth2 opaque tokens introspected)
  • Caching of complex Rego policies that involve sending requests to external services

You will not want to enable caching in evaluators whose execution is as cheap as accessing the cache, but for the expensive ones, we believe this feature can be very useful to speed up external authorization.



The PR also renames the env variable METADATA_CACHE_SIZE (introduced in #239) to the more generic EVALUATOR_CACHE_SIZE.

Likely, this will have to be improved in the future, to provide finer-grained configuration for the different use cases for the cache.


Verification steps

Build and deploy based on this branch:

make local-setup
kubectl -n authorino port-forward deployment/envoy 8000:8000 &

Apply the AuthConfig:

kubectl -n authorino apply -f -<<EOF
apiVersion: authorino.kuadrant.io/v1beta1
kind: AuthConfig
metadata:
  name: talker-api-protection
spec:
  hosts:
  - talker-api-authorino.127.0.0.1.nip.io
  identity:
  - name: anonymous
    anonymous: {}
  metadata:
  - name: cached-metadata
    http:
      endpoint: http://talker-api.authorino.svc.cluster.local:3000/metadata/{context.request.http.path}
      method: GET
    cache:
      key:
        valueFrom: { authJSON: context.request.http.path }
      ttl: 60
  authorization:
  - name: cached-authz
    opa:
      inlineRego: |
        now = time.now_ns()
        allow = true
      allValues: true
    cache:
      key:
        valueFrom: { authJSON: context.request.http.path }
      ttl: 60
  response:
  - name: x-authz-data
    json:
      properties:
      - name: cached-metadata
        valueFrom: { authJSON: auth.metadata.cached-metadata.uuid }
      - name: cached-authz
        valueFrom: { authJSON: auth.authorization.cached-authz.now }
EOF

Send requests:

  1. To /hello
curl http://talker-api-authorino.127.0.0.1.nip.io:8000/hello
# […]
#  "X-Authz-Data": "{\"cached-authz\":\"1649343067462380300\",\"cached-metadata\":\"92c111cd-a10f-4e86-8bf0-e0cd646c6f79\"}",
# […]
  2. To a different path
curl http://talker-api-authorino.127.0.0.1.nip.io:8000/goodbye
# […]
#  "X-Authz-Data": "{\"cached-authz\":\"1649343097860450300\",\"cached-metadata\":\"37fce386-1ee8-40a7-aed1-bf8a208f283c\"}",
# […]
  3. To /hello again before the cache entry expires (60 seconds from the first request sent to this path)
curl http://talker-api-authorino.127.0.0.1.nip.io:8000/hello
# […]
#  "X-Authz-Data": "{\"cached-authz\":\"1649343067462380300\",\"cached-metadata\":\"92c111cd-a10f-4e86-8bf0-e0cd646c6f79\"}",  <=== same cache-id as before
# […]
  4. To /hello again after the cache entry expires (60 seconds from the first request sent to this path)
curl http://talker-api-authorino.127.0.0.1.nip.io:8000/hello
# […]
#  "X-Authz-Data": "{\"cached-authz\":\"1649343135702743800\",\"cached-metadata\":\"e708a3a6-5caf-4028-ab5c-573ad9be7188\"}",  <=== different cache-id
# […]

Closes #20

@guicassolato guicassolato self-assigned this Apr 7, 2022
@guicassolato guicassolato marked this pull request as ready for review April 7, 2022 15:20
@guicassolato guicassolato force-pushed the caching-for-all branch 3 times, most recently from 9adaf4a to 3ff2278 Compare April 7, 2022 15:53
jjaferson previously approved these changes Apr 8, 2022
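
The cache described in this PR reuses a result whenever the user-defined key repeats, so the key has to cover every input the evaluator's result depends on. The Go sketch below is an added example, not code from this PR or from Authorino: `EvalCache`, `policy` and `Replay` are hypothetical names, and the two callers, the `/admin` path and the timestamps are constructed sample input.

```go
package main

import (
	"fmt"
	"time"
)

type entry struct {
	value   string
	expires time.Time
}

// EvalCache is a hypothetical model of one evaluator's TTL cache (not Authorino's code).
type EvalCache struct {
	ttl     time.Duration
	entries map[string]entry
	Runs    int // times the expensive evaluator really ran
}

// Resolve reuses the entry stored under key until it expires; otherwise it runs eval and caches the result.
func (c *EvalCache) Resolve(key string, now time.Time, eval func() string) string {
	if e, ok := c.entries[key]; ok && now.Before(e.expires) {
		return e.value
	}
	c.Runs++
	c.entries[key] = entry{eval(), now.Add(c.ttl)}
	return c.entries[key].value
}

// policy stands in for an expensive evaluator (e.g. a remote call) whose result depends on the caller.
var policy = map[string]string{"alice": "allow", "bob": "deny"}

// Replay sends alice, then bob 10s later, to /admin and returns bob's decision and the evaluator runs.
func Replay(perUser bool) (last string, runs int) {
	c := &EvalCache{ttl: 60 * time.Second, entries: map[string]entry{}}
	for i, user := range []string{"alice", "bob"} {
		key := "/admin" // path-only key, like context.request.http.path
		if perUser {
			key += "|" + user // key also covers the caller
		}
		// Constructed timestamps, 10 seconds apart.
		last = c.Resolve(key, time.Unix(int64(1649343067+10*i), 0), func() string { return policy[user] })
	}
	return last, c.Runs
}

func main() {
	fmt.Println(Replay(false)) // path-only key: bob is served alice's cached decision
	fmt.Println(Replay(true))  // per-caller key: bob's request is evaluated on its own
}
```

A path-only key is adequate for the anonymous AuthConfig used in the verification steps, where the result does not vary by caller; an evaluator whose result depends on the identity needs that identity in its cache key.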