Introduce middleware for audit logs and authentication checks

[ardaguclu]

This PR is the continuation of #153. First commit basically is from #153. Second commit introduces the middleware.

This middleware;

• logs requests if the log-level is 5 or higher
• will check the authorization header and return accordingly, if bearer token is not found.

[ardaguclu]

/cc @manusa

[ardaguclu]

This is not related to the changes in this PR. I updated this, because I think we want stateless streamable http server. If it is suggested that this change should be in a different PR, I can remove it from here.

[manusa]

• logs requests if the log-level is 5 or higher

I'm not sure if this is aligned with the --log-level config description: Sets the logging level (values from 0-9). Similar to kubectl logging levels.

According to the kubectl quick reference table shouldn't the value be 6 instead?

[ardaguclu]

I think, it is not related but hard to say for sure.

[manusa]

Not sure if this scope is too narrow, what do you think about a broader http package to include everything related to our customized http server?

[ardaguclu]

Firstly, I renamed it to http to be honest. But this name collides with the native Go http package. But I can rename it to, if you want to. And we can use package name as internalhttp.

[ardaguclu]

I'm fine whatever you decide.

[manusa]

Your call, we can always change the name in the future.

For me it's uncomfortable to see the http server logic in root.go and I think that we should probably move that somewhere else (hence the broader scope for this package, to cover everything related to http/internalhttp).

In any case, this can be covered in the future.

[ardaguclu]

Renamed to http, because it is indeed better. We can move server logic under http in a followup PR.

[ardaguclu]

I'll move server logic in http package, when I wire the sig terms to the server.

[ardaguclu]

Opened this #164

[manusa]

besides the nitty comments, everything else looks good :)

[manusa]

LGTM, thx!