The cache now gets x509ClientAuthenticationPrefixes from the director…

[turetske]

… and uses them in its config

-- Creates a DirectorAPI endpoint which returns the list of x509ClientAuthenticationPrefixes
-- The Cache retrieves this list from the director while getting NSAds from the Director
-- The xrootd cache config now sets "http.tlsclientauth defer"
-- for each entry in the x509ClientAuthenticationPrefixes, the xrootd cache config sets "http.tlsrequiredprefix <prefix>"
-- Adding tests

The behavior is that if a prefix is in http.tlsrequiredprefix <prefix> then when an access occurs with proper x509 certs, then it can pass even if it doesn't have a proper token. This will also remove the issue where when accessing an object via a browser, it will ask for an x509 certificate even when it's not needed.

For the testing, there are few things you want to do.

No longer asking for a certificate for browser accesses:

1. Start up a federation (cache/origin/registry/director)
2. Access an object from the cache via a web browser - ensure that it does not ask for a certificate

Testing that the defer check works:

1. Start up a federation (cache/origin/registry/director) with some prefix in Director.ClientAuthenticationPrefixes, ensure that PublicReads is NOT enabled
2. Use a tls cert to generate a user to add to an authfile with the same prefix
   i. openssl x509 -in <configdir>/certifications/tls.crt -noout -hash
   ii. add u <user>.0 <prefix> lr to <configdir>/xrootd/authfile
3. Ensure you have a version of curl which uses tlsv1.3 (should be in the dev containers already)
4. Run curl -v -k -L https://<directorurl>/<prefix>/<object> --tlsv1.3 --cert <configdir>/certificates/tls.crt --key <configdir>/certificates/tls.key and see that it successfully accesses the file

[jhiemstrawisc]

A few minor requests for changes/explanations but I've verified that both test cases work as expected for me locally.

[jhiemstrawisc]

LGTM