Rewrite as wrapper around Java impl

[colinphill-mdsol]

Major version bump!

This PR completely rewrites the library to be a wrapper around the Java implementation, rather than an independent pure-Clojure implementation. It also uses the standard MAuth test suite to prove correctness.

Some notable details of the approach taken:

• I intentionally skipped two tests in the standard test suite, because the behavior they enforce is incorrect according to Web standards. There are comments in the test code explaining what is incorrect about each.
• This library no longer performs MAuth-enabled requests on behalf of the user. Instead, it provides a client middleware so that the user can wrap it around an HTTP client of their choice.
• I did not bundle an HTTP client for performing the public key lookup, because I want to allow library users to choose their own. For now, apps using the library will need to directly use one of the ClientPublicKeyProvider implementations provided by mauth-jvm-clients. As a future enhancement, I would like to add a factory function that will turn any HTTP client following the clj-http signature into a ClientPublicKeyProvider with appropriate caching.
• Many of the factory functions are extremely flexible in the argument types they will accept. This allows the caller to use real instances of the underlying types, or to use ordinary functions/values that are equivalent for a more idiomatic integration with Clojure. The convert namespace defines protocols which can be used to extend this flexibility further, if desired.
• I began to add support for the async versions of Ring/clj-http handlers, but I commented it out when I realized I would need to write extra test cases for that. We don't need that right now, the existing library doesn't support it, and it's relatively unlikely we have external users who need that. (But if you're reading this and you're an external user who needs that, please comment and let me know!)

[gitguardian]

⚠️ GitGuardian has uncovered 1 secret following the scan of your pull request.

Please consider investigating the findings and remediating the incidents. Failure to do so may lead to compromising the associated services or software components.

🔎 Detected hardcoded secret in your pull request

GitGuardian id	GitGuardian status	Secret	Commit	Filename
329054	Triggered	RSA Private Key	6d6b8c9	src/com/mdsol/mauth/clojure/client.clj	View secret

🛠 Guidelines to remediate hardcoded secrets

1. Revoke and rotate the secret.

---

^{🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.}

[colinphill-mdsol]

☝️ That GitGuardian check is a false positive. There is a key in a rich comment form, but it was generated specifically for testing.

[omendozarivera-mdsol]

Please update the README.md Usage and the included changelog for this version 3.

[omendozarivera-mdsol]

The message should be "Unauthorized." We should only log the exception.

[colinphill-mdsol]

1. Why? What's the harm in distinguishing between "this signature has expired" and "I couldn't find a public key for that UUID"?
2. The caller can customize this behavior if they don't like the default. That includes SF – SF can deviate from this default, if we want it to.
3. This is a library, so it shouldn't log anything unless it gives the caller control over that logging. That's a yak I don't want to take the time to shave right now.

[mmajumdar-mdsol]

Let's link this PR to a MCC ticket

[colinphill-mdsol]

Let's link this PR to a MCC ticket

I think there's one I can link – but why?

[mmajumdar-mdsol]

Let's link this PR to a MCC ticket

I think there's one I can link – but why?

just to backtrack what requirement caused this effort, and also it is a standard practice to keep the PRs associated with a ticket.

[colinphill-mdsol]

Closing this PR in favor of #34, whose branch name includes a Jira ticket number.