Implement auth and permissions caching

[troian]

Auth backend might be actually remote thus auth request might take significant time espessialy on publish/subscribe request due to permissions lookup and math.
Need some interface AuthCache provided as option to each auth provider.
Implementation should cache only successful auth requests. Form of storing might be like that:
username:
auth: allow
permissions: []array of successful permissions

Each cache entry might be invalidated

[hsluoyz]

Hi, I'm the author of Casbin. It is an authorization library that supports models like ACL, RBAC, ABAC.

Related to RBAC, Casbin has several advantages:

1. roles can be cascaded, aka roles can have roles.
2. support resource roles, so users have their roles and resource have their roles too. role = group here.
3. the permission assignments (or policy in casbin's language) can be persisted in files or database.

Casbin can also easily support authorization decision cache easily.

So please consider using Casbin when surgemq implements auth security. Also let me know if there's any question:)

[troian]

@hsluoyz thanks a lot for pointing this out. I'll take a look