Remove dependency on Dropwizard Auth

[oneonestar]

Description

Relates to #41

Release notes

(x) This is not user-visible or is docs only, and no release notes are required.

[willmostly]

Just skimmed and looks good, I will take another pass next week.

Have you tested this change against an OAuth2 server? I'm not overly confident in the mock tests.

[willmostly]

Would it make sense to use io.trino.server.security.BasicAuthCredentials here?

[oneonestar]

I tried that before. There were few problems:

Some Trino authentication logic are mixed into BasicAuthCredentials. The username must not be empty, otherwise it will throw (BasicAuthCredentials.java#L61-L63). That's not required by RFC 2617/7617.

It mixed AuthenticationException and Optional.Empty() to indicate different parsing errors, in order to satisfy different use cases in Trino. That's not needed by gateway and makes the caller's logic become complicated.

It doesn't have unit test coverage in Trino. I don't feel safe to extract and reuse that particular class.

[oneonestar]

Have you tested this change against an OAuth2 server? I'm not overly confident in the mock tests.

I didn't. Overall I don't feel we have enough tests to cover the auth part. That's why I'm holding this PR as a draft.
I planned to add some tests in a separate PR to ensure the auth doesn't break during migration.
In particular I'd like to test /findQueryHistory and /userinfo endpoint, LDAP authentication and authorization, and OAuth2.

[oneonestar]

Test on /userinfo added in #321.
Done a manual test on LDAP and OAuth2.
Not sure how to automate the test / mock the required components.

[willmostly]

I'm not that familiar with it unfortunately, but looks like the Trino OAuth2 tests use Hydra

[oneonestar]

Found some security issues in the current OIDC implementation while I was adding the test using Hydra.
#344 #345 should fix the issues.

[mosabua]

Lets chat about all this in the sync tomorrow. I think we should add them all in.