Support authorization on operation level

[Kaliumhexacyanoferrat]

As a developer of a web service, I would like to control authorization on operation instead of API level, so that I do not need to handle the authorization within the operation and can simpliy annotate my methods.

Example

public class MyService 
{
    
    [ResourceMethod]
    [RequireAdmin]
    public IResponse AdminOnly() { ... }

}

public class RequireAdminAttribute : AuthorizeByAttribute<AdminAuthorization> { }

public class AdminAuthorization : IAuthorizationRule
{

    public ValueTask<bool> Authorize(IRequest request, OperationArguments arguments) 
    {
        // somehow include the attribute values
        return true; // maybe a more complex type, e.g. AuthorizationResult with Result features
    }

}

Acceptance criteria

• The feature can be used on all frameworks
• Authorization logic can easily fetch arguments passed to the operation by the client (typed)
• Authorization logic can fetch arguments passed to the attribute
• Authorization logic can return details to the client when access is denied (serialized in a default way)
• The feature is documented on the GenHTTP website
• The feature is covered by acceptance tests