forwardAuth Support

[shinybrar]

• Added forwardAuth support
• Added docker-compose, Dockerfile and a sample config.json

[daikema]

Hi @shinybrar. It's great to hear that you've made progress at getting the forwardAuth solution working on your end.
I took a look at this and your corresponding schema PR, and had the following thoughts.

• First off, if configuring forwardAuth via the config file, I don't think that we want to allow for a default header name from which to obtain a username to reduce security risks if people enable forwardAuth without an understanding of what it does such that a request could be sent using the default header.

• We do want to ensure that CARTA operates well on CANFAR but I don't think we want CANFAR-specific text in there as is currently there in the config file that you'd included in the PR.  We've also tried to group that sort of thing into the documentation rather than directly in the code (with an existing example you can see here).

• At the moment I don't think we're interested in adding containerization code (the Dockerfile + compose) within the controller repo itself.

• Any changes of this sort introduced now are likely to be superceded by the time of the next release as we're working on a larger overhaul (which should also, e.g., prune out the need for the pam dependency you have installed in your runtime container if not using that auth method)

[kswang1029]

Shall we also update the controller document?