feat(apiserver): Optionally restrict public API to a single client

# Issue

As a platform operator you might want to restrict access to the public
API.

# Fix

The property `autoscaler.apiserver.autoscaler_api_client_id`, if set,
restricts the public API endpoint, to only allow requests providing an
oauth token from this client id to access the public API. The token
needs to be provided in the request header `X-Autoscaler-Token`.

Author: silvestre

jobs/golangapiserver/spec

@@ -70,6 +70,11 @@ properties:
     description: ""
   autoscaler.apiserver.broker.server.dashboard_redirect_uri:
     description: ""
+  autoscaler.apiserver.server.autoscaler_api_client_id:
+    description: |
+      If set, restricts the public API endpoint, to only allow requests providing an oauth token from this client id to access the public API.
+      The token needs to be provided in the request header X-Autoscaler-Token.
+    default: ""
   autoscaler.apiserver.public_api.server.port:
     description: "Port where broker server will run"
     default: 6102

jobs/golangapiserver/templates/apiserver.yml.erb

@@ -57,6 +57,7 @@ cf:
   idle_connection_timeout_ms: <%= p("autoscaler.cf.idle_connection_timeout_ms") %>
   max_idle_conns_per_host_ms: <%= p("autoscaler.cf.max_idle_conns_per_host_ms") %>
 
+api_client_id: <%= p("autoscaler.apiserver.server.autoscaler_api_client_id") %>
 public_api_server:
   port:  <%= p("autoscaler.apiserver.public_api.server.port") %>
   <% if_p("autoscaler.apiserver.public_api.server.ca_cert", "autoscaler.apiserver.public_api.server.server_cert", "autoscaler.apiserver.public_api.server.server_key") do %>