KNOX-3355 - Add TrustedOidcIssuerService schema and interface #1270
hsheinblatt wants to merge 1 commit into
Test Results: 27 tests, 27 ✅, 3s ⏱️. Results for commit 94306c0.
Hi @hsheinblatt - thank you for this initial contribution. Can you update the description to include some more context for this aspect of the larger feature? I believe that you are introducing the trusted issuer here as an extra qualifier to a given service account SVID/JWT to facilitate possible cross cluster interaction, is this correct? Please add a description that articulates this need to disambiguate such credentials and for what use cases it is required.
I'll leave the database changes for @smolnar82 or others to review in depth. Otherwise, it looks fine. I made a comment on the PR itself asking for more context in the description. Once that is done, you have a +1 from me but we will wait for someone more familiar with the schema layer and conventions to review there.
I've updated the description with more detail on the planned feature, please review.

lmccay left a comment
+1 for the overall approach and detailed description.
I've reviewed the interface which looks fine and the tests.
Again, I'll defer db schema related changes to review by @smolnar82
KNOX-3355 - Add TrustedOidcIssuerService schema and interface
Feature context:
Support OIDC JWKS discovery to validate tokens from external authorizers. Currently,
there is a fixed trusted JWKS list created as part of initial configuration that can be used
to validate tokens. Allow the dynamic registration of trusted issuers with a flag that they are
trusted for OIDC JWKS discovery. Tokens will be validated with discovered JWKS from
such trusted issuers.
An initial detailed use case is to validate Kubernetes service account tokens from
external Kubernetes clusters. When the Kubernetes cluster is created or integrated,
the Kubernetes issuer can be registered as trusted for JWKS discovery without Knox
service disruption. Then, service account tokens from that cluster can be validated
using OIDC discovery for JWKS.
The implementation plan is bottom up: first the storage and interface for the trusted
issuers, then the implementation of registration through an admin API in knox idf, and
then the token validation integration. It will be part of knox_idf initially, but written to
be portable so that it can be moved into a different or separate service if more
OIDC discovery use cases emerge.
How this patch was tested:
New unit tests are added.
Follow-on changes will implement the interface and then integrate the implementation
into KnoxIDF flows, but for now there are no integration or UI changes.
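As an added illustration of the flow the description sketches (example code, not from this PR or from Knox, whose TrustedOidcIssuerService interface is not shown here): a registry of trusted issuers carrying the JWKS-discovery flag, token validation gated on that flag, and keys fetched through the issuer's OIDC discovery document. The issuer URL, secret, in-memory fetcher and HS256/'oct' signature step are constructed so it runs offline; real issuers publish RSA/EC keys.

```python
import base64, hashlib, hmac, json
from dataclasses import dataclass

@dataclass(frozen=True)
class TrustedIssuer:
    issuer: str           # issuer URL exactly as it appears in the token's "iss" claim
    jwks_discovery: bool  # registration flag: issuer is trusted for OIDC JWKS discovery

def b64url(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def unb64url(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def discovery_url(issuer: str) -> str:
    return issuer.rstrip("/") + "/.well-known/openid-configuration"  # OIDC Discovery location

def validate_token(token: str, registry: dict, fetch_json) -> dict:
    # Gate on the registry (registered AND flagged for discovery), then verify via discovered JWKS
    hdr_b64, body_b64, sig_b64 = token.split(".")
    header, claims = json.loads(unb64url(hdr_b64)), json.loads(unb64url(body_b64))
    entry = registry.get(claims.get("iss"))
    if entry is None or not entry.jwks_discovery:
        raise ValueError(f"issuer not trusted for JWKS discovery: {claims.get('iss')!r}")
    config = fetch_json(discovery_url(entry.issuer))
    if config.get("issuer") != entry.issuer:  # the discovery document must name the same issuer
        raise ValueError("discovery document issuer mismatch")
    keys = [k for k in fetch_json(config["jwks_uri"])["keys"] if k.get("kid") == header.get("kid")]
    if len(keys) != 1:
        raise ValueError(f"no unique JWK for kid {header.get('kid')!r}")
    # Offline example: HS256 with an 'oct' JWK; real issuers (Kubernetes: RS256) publish RSA/EC keys, use a JOSE verifier there
    if header.get("alg") != "HS256" or keys[0].get("kty") != "oct":
        raise ValueError("unsupported alg/kty in this example")
    mac = hmac.new(unb64url(keys[0]["k"]), f"{hdr_b64}.{body_b64}".encode(), hashlib.sha256)
    if not hmac.compare_digest(mac.digest(), unb64url(sig_b64)):
        raise ValueError("bad signature")
    return claims

def mint_hs256(issuer: str, kid: str, secret: bytes, sub: str) -> str:
    # Constructed sample token standing in for a service account token from an external cluster
    hdr = b64url(json.dumps({"alg": "HS256", "kid": kid}).encode())
    body = b64url(json.dumps({"iss": issuer, "sub": sub}).encode())
    sig = hmac.new(secret, f"{hdr}.{body}".encode(), hashlib.sha256).digest()
    return f"{hdr}.{body}.{b64url(sig)}"

def in_memory_fetcher(issuer: str, kid: str, secret: bytes):
    # Constructed discovery and JWKS documents served from memory instead of over HTTP
    docs = {discovery_url(issuer): {"issuer": issuer, "jwks_uri": issuer + "/keys"},
            issuer + "/keys": {"keys": [{"kty": "oct", "kid": kid, "k": b64url(secret)}]}}
    return lambda url: docs[url]
```

Toggling the registration flag to False (the issuer is registered but not trusted for discovery) or presenting a token from an unregistered issuer makes validate_token reject the token before any discovery request is made.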