
feat: support for dynamically fetching credentials from external command #149

Merged

Conversation

nettoclaudio
Contributor

@nettoclaudio nettoclaudio commented Feb 16, 2024

This PR adds a new credential type: Dynamic. With it, we can issue the ClusterGateway's auth credential from an external command call, similar to what kubectl does nowadays. If the returned credential is eligible for caching, we cache it and use it until its expiration.

To use it, the admin should set the ClusterGateway's credential type to Dynamic. Also, they must set the "exec" property in the Secret's data to the exec config that generates the credential from the command line (remember that the exec config is in JSON format). The external command must print the generated exec credential to stdout, also in JSON format.

Here's an example of how to generate credentials on EKS (relying on aws-iam-authenticator to produce the credential from the AWS linked role, IRSA):

apiVersion: v1
kind: Secret
type: Opaque
metadata:
  name: my-eks-cluster
  labels:
    cluster.core.oam.dev/cluster-credential-type: Dynamic
stringData:
  endpoint: https://eks.example.com # EKS cluster's endpoint
  ca.crt: "..." # EKS cluster's CA bundle
  exec: >
    {
      "apiVersion": "client.authentication.k8s.io/v1beta1",
      "kind": "ExecConfig",
      "command": "aws-iam-authenticator",
      "args": [
        "token",
        "-i",
        "my-eks-cluster"
      ]
    }

Related links:

Fixes #148
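
The exec flow the PR describes (run the command from the Secret's "exec" config, read an ExecCredential from its stdout, cache it until it expires) as an added Go example. This is not cluster-gateway's code and does not use client-go: the ExecConfig and ExecCredential types are a hand-written subset of client.authentication.k8s.io/v1beta1 that handles token credentials only and omits the env field; the 30-second refresh skew, the policy of caching only credentials that carry an expirationTimestamp, and the use of `echo` as a stand-in for aws-iam-authenticator in main are assumptions of this example.

```go
package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os/exec"
	"sync"
	"time"
)

// Hand-written subset of client.authentication.k8s.io/v1beta1 (assumption: token credentials only, no env).
type ExecConfig struct {
	APIVersion string   `json:"apiVersion"`
	Kind       string   `json:"kind"`
	Command    string   `json:"command"`
	Args       []string `json:"args,omitempty"`
}
type ExecCredential struct {
	APIVersion string `json:"apiVersion"`
	Kind       string `json:"kind"`
	Status     *struct {
		ExpirationTimestamp *time.Time `json:"expirationTimestamp,omitempty"` // RFC 3339; absent means not cacheable
		Token               string     `json:"token,omitempty"`
	} `json:"status,omitempty"`
}
// Provider holds one Secret's exec config and caches the last credential until it is about to expire.
type Provider struct {
	cfg    *ExecConfig
	run    func(context.Context, *ExecConfig) ([]byte, error)
	now    func() time.Time
	skew   time.Duration // refresh this long before the stated expiry (assumed value, not the PR's)
	mu     sync.Mutex
	cached *ExecCredential
}
// NewProvider decodes the Secret's "exec" value and refuses shapes we would not run.
func NewProvider(rawExec []byte, run func(context.Context, *ExecConfig) ([]byte, error)) (*Provider, error) {
	var cfg ExecConfig
	if err := json.Unmarshal(rawExec, &cfg); err != nil {
		return nil, fmt.Errorf("exec config is not valid JSON: %w", err)
	}
	if cfg.Kind != "ExecConfig" || cfg.APIVersion != "client.authentication.k8s.io/v1beta1" || cfg.Command == "" {
		return nil, fmt.Errorf("unsupported exec config %s/%s with command %q", cfg.APIVersion, cfg.Kind, cfg.Command)
	}
	return &Provider{cfg: &cfg, run: run, now: time.Now, skew: 30 * time.Second}, nil
}

// ParseExecCredential decodes the plugin's stdout and checks it matches the config it ran under.
func ParseExecCredential(cfg *ExecConfig, stdout []byte) (*ExecCredential, error) {
	var cred ExecCredential
	if err := json.Unmarshal(stdout, &cred); err != nil {
		return nil, fmt.Errorf("plugin output is not valid JSON: %w", err)
	}
	if cred.Kind != "ExecCredential" || cred.APIVersion != cfg.APIVersion || cred.Status == nil || cred.Status.Token == "" {
		return nil, fmt.Errorf("plugin did not return a %s ExecCredential with status.token", cfg.APIVersion)
	}
	return &cred, nil
}

// RunExecConfig runs the configured command; only stdout is returned, stderr never becomes a credential.
func RunExecConfig(ctx context.Context, cfg *ExecConfig) ([]byte, error) {
	return exec.CommandContext(ctx, cfg.Command, cfg.Args...).Output()
}

// Get serves the cached credential while it is still valid, otherwise runs the plugin again.
func (p *Provider) Get(ctx context.Context) (*ExecCredential, error) {
	p.mu.Lock() // one plugin run at a time per Secret, even under concurrent requests
	defer p.mu.Unlock()
	if c := p.cached; c != nil && p.now().Add(p.skew).Before(*c.Status.ExpirationTimestamp) {
		return c, nil
	}
	out, err := p.run(ctx, p.cfg)
	if err != nil {
		return nil, err
	}
	cred, err := ParseExecCredential(p.cfg, out)
	if err != nil {
		return nil, err
	}
	p.cached = nil // assumed policy: cache only a credential that states its expiry; one without is used once
	if cred.Status.ExpirationTimestamp != nil {
		p.cached = cred
	}
	return cred, nil
}

func main() {
	// Constructed stand-in: "echo" plays aws-iam-authenticator and prints a fixed, far-future credential.
	out := `{"apiVersion":"client.authentication.k8s.io/v1beta1","kind":"ExecCredential","status":{"token":"k8s-aws-v1.example","expirationTimestamp":"2030-01-01T00:00:00Z"}}`
	p, err := NewProvider([]byte(fmt.Sprintf(`{"apiVersion":"client.authentication.k8s.io/v1beta1","kind":"ExecConfig","command":"echo","args":[%q]}`, out)), RunExecConfig)
	if err != nil {
		panic(err)
	}
	if cred, err := p.Get(context.Background()); err != nil {
		panic(err)
	} else {
		fmt.Println("token:", cred.Status.Token, "expires:", cred.Status.ExpirationTimestamp.UTC())
	}
}
```

In a gateway, rawExec would be the "exec" value of the Secret shown above, and the context passed to Get should carry a timeout so a hung plugin cannot hold the lock and stall every request for that cluster. Two checks matter for security here: the plugin's apiVersion and kind are compared against the config it was run with, so a command that prints something other than an ExecCredential is rejected rather than used as a token, and stderr is never parsed, so diagnostic output from the plugin cannot be mistaken for a credential.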

@nettoclaudio nettoclaudio force-pushed the feat/dynamic-cluster-credentials branch from 17a03b0 to 92e5467 Compare February 16, 2024 16:49

codecov bot commented Feb 16, 2024

Codecov Report

Attention: Patch coverage is 95.71429%, with 6 lines in your changes missing coverage. Please review.

Project coverage is 43.05%. Comparing base (dc17e76) to head (d2f8e8f).
Report is 4 commits behind head on master.

Files Patch % Lines
...is/cluster/v1alpha1/clustergateway_types_secret.go 89.74% 3 Missing and 1 partial ⚠️
pkg/util/exec/exec.go 97.84% 2 Missing ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##           master     #149      +/-   ##
==========================================
+ Coverage   38.43%   43.05%   +4.61%     
==========================================
  Files          15       16       +1     
  Lines        1522     1663     +141     
==========================================
+ Hits          585      716     +131     
- Misses        887      896       +9     
- Partials       50       51       +1     
Flag Coverage Δ
unit-test 43.05% <95.71%> (+4.61%) ⬆️


@nettoclaudio nettoclaudio marked this pull request as ready for review February 28, 2024 18:18
@nettoclaudio
Contributor Author

Could someone re-trigger the CI pipelines? It seems they ran into a transient error.

Member

@wonderflow wonderflow left a comment


good job

@wonderflow wonderflow merged commit 48259e0 into oam-dev:master Mar 12, 2024
7 checks passed
Development

Successfully merging this pull request may close these issues.

Support dynamically fetching auth token from cloud provider
2 participants