add create_topic auth action on ns

pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/PulsarAuthorizationProvider.java

@@ -488,6 +488,8 @@ public CompletableFuture<Boolean> allowNamespaceOperationAsync(NamespaceName nam
                                 return allowTheSpecifiedActionOpsAsync(
                                         namespaceName, role, authData, AuthAction.consume);
                             case CREATE_TOPIC:
+                                return allowTheSpecifiedActionOpsAsync(
+                                        namespaceName, role, authData, AuthAction.create_topic);
                             case DELETE_TOPIC:
                             case ADD_BUNDLE:
                             case DELETE_BUNDLE:

pulsar-broker/src/test/java/org/apache/pulsar/client/api/AuthorizationProducerConsumerTest.java

@@ -232,6 +232,10 @@ public void testSubscriberPermission() throws Exception {
                     "Unauthorized to validateTopicOperation for operation"));
         }
 
+        // grant namespace create_topic authorization to the subscriptionRole
+        tenantAdmin.namespaces().grantPermissionOnNamespace(namespace, subscriptionRole,
+                Collections.singleton(AuthAction.create_topic));
+
         // grant topic consume authorization to the subscriptionRole
         tenantAdmin.topics().grantPermission(topicName, subscriptionRole,
                 Collections.singleton(AuthAction.consume));

pulsar-client-admin-api/src/main/java/org/apache/pulsar/common/policies/data/AuthAction.java

@@ -22,6 +22,9 @@
  * Authorization action for Pulsar policies.
  */
 public enum AuthAction {
+    /** Permission to create topic. */
+    create_topic,
+
     /** Permission to produce/publish messages. */
     produce,