Add support for an external JWT-based authentication system

This authentication system hits two HTTP endpoints to check and verify the existence of users:

Existance endpoint:
GET http://endpoint/ with Authorization: Basic (username:) =>
    Returns 200 if the username/email exists, 4** otherwise

Verification endpoint:
GET http://endpoint/ with Authorization: Basic (username:password) =>
    Returns 200 and a signed JWT with the user's username and email address if the username+password validates, 4** otherwise with the body containing an optional error message

The JWT produced by the endpoint must be issued with an issuer matching that configured in the config.yaml, and the audience must be "quay.io/jwtauthn". The JWT is signed using a private key and then validated on the Quay.io side with the associated public key, found as "jwt-authn.cert" in the conf/stack directory.

endpoints/api/suconfig.py

@@ -16,7 +16,7 @@ from auth.auth_context import get_authenticated_user
 from data.database import User
 from util.config.configutil import add_enterprise_config_defaults
 from util.config.provider import CannotWriteConfigException
-from util.config.validator import validate_service_for_config, SSL_FILENAMES
+from util.config.validator import validate_service_for_config, CONFIG_FILENAMES
 from data.runmigration import run_alembic_migration
 
 import features
@@ -224,7 +224,7 @@ class SuperUserConfigFile(ApiResource):
   @verify_not_prod
   def get(self, filename):
     """ Returns whether the configuration file with the given name exists. """
-    if not filename in SSL_FILENAMES:
+    if not filename in CONFIG_FILENAMES:
       abort(404)
 
     if SuperUserPermission().can():
@@ -238,7 +238,7 @@ class SuperUserConfigFile(ApiResource):
   @verify_not_prod
   def post(self, filename):
     """ Updates the configuration file with the given name. """
-    if not filename in SSL_FILENAMES:
+    if not filename in CONFIG_FILENAMES:
       abort(404)
 
     if SuperUserPermission().can():