feat: support client assertion for client credentials authentication

[ewanharris]

Description

This PR introduces support for performing a client credentials authentication flow using client assertion (aka private key jwt, jwt ca) as an alternative to the existing client secret authentication method.

As this is an alternative ClientCredentials method I have split the existing configuration out into ClientSecretConfig and introduced a PrivateKeyJWT to go along side this and changed the ClientCredentialsConfig to be union of the two to allow type checking to work correctly.

The client assertion signing is performed using jose and I am using v5 of this library over v6 as the latter is an ESM only package which would have implications for our supported Node.js versions.

An extra, not insignificant change to this is the addition of a customClaims property on the client credentials configuration, this is to allow extra data to be passed to the token exchange for clients that need this.

References

Review Checklist

• I have clicked on "allow edits by maintainers".
• I have added documentation for new/changed functionality in this PR or in a PR to openfga.dev [Provide a link to any relevant PRs in the references section above]
• The correct base branch is being used, if not main
• I have added tests to validate that the change in functionality is working as expected

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	jose@​5.10.0

View full report

[codecov-commenter]

Codecov Report

Attention: Patch coverage is 88.88889% with 2 lines in your changes missing coverage. Please review.

Project coverage is 88.16%. Comparing base (b605f86) to head (1cf2503).
Report is 2 commits behind head on main.

Files with missing lines	Patch %	Lines
credentials/credentials.ts	88.88%	2 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #228      +/-   ##
==========================================
- Coverage   88.18%   88.16%   -0.02%     
==========================================
  Files          23       23              
  Lines        1202     1217      +15     
  Branches      211      197      -14     
==========================================
+ Hits         1060     1073      +13     
- Misses         84       86       +2     
  Partials       58       58              

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.