Open
Labels: bug (Something isn't working)
Description
PSK auth in auth.rs near line 133 should not be comparing the literal PSK but rather validating a field that was encrypted using the PSK (e.g. encrypted hash of the request (e.g. action, timestamp, claimed identity, and, if small enough, the request params)). Then, using the claimed identity, we look up the associated PSK and attempt to validate that the encrypted hash matches the request.
```rust
// Validate PSK
let identities = self.identities.read().await;
match identities.get(identity) {
    Some(expected_psk) if expected_psk.as_slice() == psk => {
        // Valid authentication
        debug!("Authenticated request from identity: {}", identity);
        Ok(request)
    }
    Some(_) => {
        error!("Invalid PSK for identity: {}", identity);
        Err(Status::permission_denied("Invalid PSK"))
    }
    None => {
        error!("Unknown identity: {}", identity);
        Err(Status::unauthenticated("Unknown identity"))
    }
}
```
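A sketch of the check the issue asks for, added here as an example and not taken from the project's code: it is written in Python with the standard library rather than in the project's Rust, and it uses HMAC-SHA256 as the keyed construction in place of the "encrypted hash" the issue mentions. The field encoding, the 300-second freshness window, the `IDENTITIES` store and the function names are all assumptions.

```python
import hashlib
import hmac
import struct

MAX_SKEW_SECS = 300  # assumed freshness window, not from the issue

# Constructed identity store (identity -> PSK), standing in for self.identities.
IDENTITIES = {"node-a": bytes.fromhex("11" * 32)}


def _canonical(identity, action, timestamp, params):
    """Length-prefix every field so field boundaries cannot be shifted."""
    fields = (identity.encode(), action.encode(), struct.pack(">Q", timestamp), params)
    return b"".join(struct.pack(">I", len(f)) + f for f in fields)


def sign_request(psk, identity, action, timestamp, params=b""):
    """Client side: tag the request with the PSK; the PSK itself is never sent."""
    msg = _canonical(identity, action, timestamp, params)
    return hmac.new(psk, msg, hashlib.sha256).digest()


def verify_request(identity, action, timestamp, params, tag, now):
    """Server side: look up the PSK by claimed identity and check the tag."""
    if not 0 <= timestamp < 2**64:
        return False
    psk = IDENTITIES.get(identity)
    # Unknown identities are checked against a dummy key so both failure
    # paths do the same amount of work.
    key = psk if psk is not None else bytes(32)
    expected = sign_request(key, identity, action, timestamp, params)
    tag_ok = hmac.compare_digest(expected, tag)  # constant-time comparison
    fresh = abs(now - timestamp) <= MAX_SKEW_SECS  # bounds replay of old tags
    return psk is not None and tag_ok and fresh
```

The timestamp check only narrows the replay window; rejecting a tag that was already accepted inside that window needs a server-side record of recently seen tags or nonces.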