Add cookie session authenticator

[alexdavid]

Related issue

@aeneasr as discussed this is an initial implementation of what the cookie session authenticator could look like. If you like the API I can go in and add some documentation around it, otherwise please let me know if you have a better idea of how you would like this to work.

Proposed changes

The authenticator assumes there's a RESTful session service that responds to GET /sesions/{sessionId} with the json structure { subject: string, extra: map[string]interface{} }. This authenticator reads a session cookie from the incoming request. Then if the passed sessionId returns a 200, it populates the subject/extra fields for the pipeline. If the cookie does not exist it returns ErrAuthenticatorNotResponsible, otherwise authentication fails.

Checklist

• I have read the contributing guidelines
• I have read the security policy
• I confirm that this pull request does not address a security
  vulnerability. If this pull request addresses a security vulnerability, I
  confirm that I got green light (please contact
  [email protected]) from the maintainers to push
  the changes.
• I have added tests that prove my fix is effective or that my feature works
• I have added necessary documentation within the code base (if appropriate)
• I have documented my changes in the
  developer guide (if appropriate)

[CLAassistant]

All committers have signed the CLA.

[alexdavid]

@kevgo

[aeneasr]

Awesome, thank you! I didn't have time to review it yet but it's on my list for this week.

[alexdavid]

@aeneasr comments addressed, let me know what you think!

[aeneasr]

This looks great! Only a few nitpicks :)

Oh and could you please add a section about this authenticator to the docs? :)

[aeneasr]

Awesome, thank you!