We move the proxy from using its placeholder macaroon creation and
verification to instead use the agreed upon macaroon design. Much of
this is solely a refactor, but some new functionality has also been
introduced as part of integrating the LSAT mint:
1. A request's target service is now verified to ensure its attached
LSAT is authorized.
2. The preimage is now checked against the token's committed payment
hash to ensure it has been paid for.
The service limiter holds all of the constraints that should be applied
to a given service at the base tier. These are currently static and are
parsed from the proxy's configuration file as a temporary work-around.
Eventually, we plan to integrate this with etcd as well in order to
achieve dynamic service discovery.
Allows the ability for the proxy to connect to an etcd cluster for any
reliable data storage purposes. No data is being stored yet as of this
commit, but we'll be storing LSAT secrets at a later commit.
One key component in this commit is that we introduce a new top level
key that will serve to hold all LSAT proxy-related data. Any nested keys
should be prefixed with said top level key.
Co-authored-by: Oliver Gugger <gugger@gmail.com>
