Add HTTP-based PDP authorizer

[ghaskins]

IIntroduce a general-purpose authorization backend using HTTP-based Policy
Decision Points (PDPs). This authorizer can work with any PDP server that
implements the PORC (Principal-Operation-Resource-Context) decision endpoint.

Key features:

• HTTP client for connecting to PDP servers via /decision endpoint
• PORC mapping for MCP requests (Principal, Operation, Resource, Context)
• Configurable context inclusion (args, operation metadata)
• JWT claim extraction for principal attributes (roles, groups, scopes)

The authorizer uses a simple API contract:

• POST /decision with PORC JSON body
• Response: {"allow": true/false}

Compatible with Manetu PolicyEngine (MPE) and any custom PDP implementing
the same API.

Large PR Justification

Multiple related changes that would break if separated

[github-actions]

Large PR Detected

This PR exceeds 1000 lines of changes and requires justification before it can be reviewed.

How to unblock this PR:

Add a section to your PR description with the following format:

## Large PR Justification

[Explain why this PR must be large, such as:]
- Generated code that cannot be split
- Large refactoring that must be atomic
- Multiple related changes that would break if separated
- Migration or data transformation

Alternative:

Consider splitting this PR into smaller, focused changes (< 1000 lines each) for easier review and reduced risk.

See our Contributing Guidelines for more details.

---

This review will be automatically dismissed once you add the justification section.

[codecov]

Codecov Report

❌ Patch coverage is 81.96721% with 33 lines in your changes missing coverage. Please review.
✅ Project coverage is 64.73%. Comparing base (a5f957f) to head (b55e1e9).

Files with missing lines	Patch %	Lines
pkg/authz/authorizers/http/porc.go	80.95%	4 Missing and 8 partials ⚠️
pkg/authz/authorizers/http/core.go	78.72%	6 Missing and 4 partials ⚠️
pkg/authz/authorizers/http/http_client.go	82.14%	5 Missing and 5 partials ⚠️
pkg/authz/authorizers/http/config.go	94.11%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #3315      +/-   ##
==========================================
+ Coverage   64.57%   64.73%   +0.16%     
==========================================
  Files         369      373       +4     
  Lines       35953    36136     +183     
==========================================
+ Hits        23215    23392     +177     
+ Misses      10913    10896      -17     
- Partials     1825     1848      +23     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[JAORMX]

Do you mind if we generalize this a little bit more? I am really keen on this authorizer because it's so general purpose. Having an HTTP-based authorizer is something that's applicable quite generally and could potentially be used with other PDPs that would respect the same API signature.

So... Tell me what you think about this:

• Let's rename this authorizer to something more general like: httpv1 or something of the sort.
• We shall keep the PORC mappings and... basically keep this same implementation.
• Let's remove the manetu MPE policy domain examples from this particular PR to keep it constrained and smaller

There are some particular pieces that are tied to MPE (e.g. probe mode), but that's fine, we can keep those in this PR and generalize later.

What do you think?

Regarding the MPE policy domain samples: I want to find a good place for folks to view an e2e sample of this, and there we could add the MPE policy samples. What do you think?

[ghaskins]

@JAORMX I pushed an update with your suggested changes

Large PR justification has been provided. Thank you!

[github-actions]

✅ Large PR justification has been provided. The size review has been dismissed and this PR can now proceed with normal review.