Adding JWT auth capability for s2s replication

[stuart-wells]

What changed?

Adds JWT to server-to-server connections. Frontend already had support for reading auth so this focuses on getting a token and injecting it.

Why?

s2s is currently a gap in the auth abilities. This provides more flexibility for users based on their auth requirements.

How did you test it?

• built
• run locally and tested manually
• covered by existing tests
• added new unit test(s)
• added new functional test(s)

Potential risks

Need to get auth right. Main risk is a user believing they are secure when they are not.

[dnr]

I haven't looked in detail at this code yet, but one feature that's been requested a lot is to be able to authenticate internode connections (within one cluster) with tokens instead of mTLS. Would it be easy to cover that use case in this PR as well?

[dnr]

Also, for frontend auth, we have this pluggable ClaimMapper interface that defines how tokens/TLS info is handled, and then a JWT-based implementation. Can we set up something similar (or reuse ClaimMapper) so that s2s (and internode) token-based auth isn't tied to JWT either?