Backport of Fix multiple OpenAPI generation issues with new AST-based generator into release/1.12.x

[hc-github-team-secure-vault-core]

Backport

This PR is auto-generated from #18554 to be assessed for backporting due to the inclusion of the label backport/1.12.x.

WARNING automatic cherry-pick of commits failed. Commits will require human attention.

merge conflict error: POST https://api.github.com/repos/hashicorp/vault/merges: 409 Merge conflict []

The below text is copied from the body of the original PR.

---

Currently, the Vault OpenAPI generator attempts to use a variety of ad-hoc regexps, to simplify the path regexps that are the canonical specification of URL paths in Vault backends, and convert them into OpenAPI URL patterns. Regexps are not well suited to parsing regexps, and this approach is fragile and incomplete.

Happily, the Go regexp library provides easy access to its string-to-AST parser, so we can just ask it to parse the regexps for us, and then walk the resulting AST for a more reliable translation from regexps to OpenAPI patterns - this PR makes that change.

Whilst developing this change, it came to light that there are incorrectly unescaped full stops in some existing patterns - so the dot in /.well-known/ could in fact be any character. These are now properly escaped.

As a result of these changes, the OpenAPI document changes in the following ways:

In the AWS secrets engine, the /creds/{name} endpoint was being incorrectly documented as /creds - fixed (closes #18488).

In the GCP secrets engine, the /roleset and /static-account endpoints were missing - fixed.

In the KV v2 secrets engine, the /.* endpoint, which already had no visible operations since they are all marked as Unpublished, is now removed from the OpenAPI document entirely, since '/.* is not a valid OpenAPI path pattern.

In the PKI secrets engine, widespread inaccuracies are fixed (closes #18484):

The following endpoints, which were incorrectly undocumented, are added:

/cert/crl
/cert/delta-crl
/crl/delta
/crl/delta/pem
/crl/pem
/issuer/{issuer_ref}
/issuer/{issuer_ref}/crl
/issuer/{issuer_ref}/crl/delta
/issuer/{issuer_ref}/crl/delta/der
/issuer/{issuer_ref}/crl/delta/pem
/issuer/{issuer_ref}/crl/der
/issuer/{issuer_ref}/crl/pem
/issuer/{issuer_ref}/der
/issuer/{issuer_ref}/json
/issuer/{issuer_ref}/pem
/issuers/import/bundle
/issuers/import/cert
/keys/generate/exported
/keys/generate/internal
/keys/generate/kms

The following endpoints, which were documented but don't actually exist, are removed:

//delta
//delta/pem
//der
//json
//pem
/bundle
/cert
/delta-crl
/internal|exported
/kms
/{issuer_ref}/crl/pem|/der|/delta/pem
/{issuer_ref}/der|/pem

In the RADIUS auth method, /login endpoint no longer documents an incorrect urlusername field in the request body.

In the /sys/plugins/catalog/{type}/{name} endpoint, the type parameter is now no longer also incorrectly included in the request body.

In the /sys/tools/hash endpoints, the urlalgorithm parameter is now no longer incorrectly included in the request body.

In the /sys/tools/random and /transit/random endpoints, the source and urlbytes parameters are now no longer incorrectly included in the request body.

In various /transit/ endpoints, the urlalgorithm parameter is now no longer incorrectly included in the request body.

In the /transit/restore endpoints, the name parameter is now no longer incorrectly included in the request body.

These "parameter is now no longer incorrectly included in the request body" fixes are helpful, but accidental, and dependent on another bug - the request schema for multiple expansions for the same endpoint overwrites each other, with last generated wins, and the generation is simply happening in a more convenient order in this version of the code.

---

Overview of commits

• fd9cadb

[hashicorp-cla]

All committers have signed the CLA.