api: auth and proxy requests to the backend APIs
This adds capabilities to the api code to proxy any request to the internal apis instead of nginx.
It introduces the concept of toolforge headers:
- x-toolforge-user
- x-toolforge-tool
Where it will leave the detected user/tool if any.
It fixes some envvars that were not prefixed with APP_
, and changes
a bit the configuration to adapt for the new api info needed for the
forwarding.
Currently the only authenticaation is the one using ssl certificates and the path tool if any is passed.
See https://nginx.org/en/docs/http/ngx_http_auth_request_module.html for details on nginx auth_request module
Bug: #363983
Signed-off-by: David Caro dcaro@wikimedia.org