Authorized key is the Tezos native method to authenticate signing
requests, one that we use in the new tezos-kms-signer-lambda.
This adds the required support on tezos-k8s to sign with such a signer.

The way it works in Octez is:

* when the baker/client connects to the signer for the first time,
  the signer answers with a list of "authorized_keys" that the signature
  request must be signed with. These authorized keys are just Tezos
  accounts.
* if the baker/client has the secret key for one of these authorized
  keys, they will just sign every request with it. Otherwise, there will
  be an error.
* this can't be nested. The authorized_key can't be remote.

We add support in tezos-k8s by assuming the authorized_keys are just
standard "accounts". Then, you may configure a baker as follows:
```
nodes:
  mybaker:
    bake_using_accounts:
    - mybakeraddy
    authorized_keys:
    - my_authorized_key
```
config-generator then ensures that the private authorized key is
accessible to the baker.

We also add support on the octez-signer end:
```
octezSigners:
  mysigner:
    sign_for_accounts:
    - mybakeraddy
    authorized_keys:
    - my_authorized_key
```
When set, the signer mandates requests to be authenticated. Otherwise,
it signs anything.

This way, you can test end-to-end in a private chain.

We modify mkchain to do this by default: mkchain now generates an
authorized key and uses it to sign by default.

Also, mkchain was previously defaulting to using one remote signer, but
this broke when adding support for tacoInfra signer. I fixed it.

I have tested it with 3 bakers and 2 signers, one authorized and one
not. It's all working. I haven't tried zerotier and public chains.

Other changes:
* switch default version to 17.3
* no magic byte restriction from signer - prevents activation
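
Added example, not part of this commit or of tezos-k8s: a Python check over a values mapping shaped like the two snippets above, flagging signers that have no `authorized_keys` and bakers that hold none of the keys their signer requires. The function name, the flat node layout and the sample data are assumptions made for illustration.

```python
# Added example (not tezos-k8s code). Assumes values shaped like the two
# snippets in the commit message; SAMPLE_VALUES is constructed.

def audit_authorized_keys(values):
    """Return (severity, message) findings for signer authentication gaps."""
    findings = []
    signers = values.get("octezSigners") or {}
    nodes = values.get("nodes") or {}

    # A signer without authorized_keys does not authenticate requests.
    for name, cfg in signers.items():
        if not (cfg or {}).get("authorized_keys"):
            findings.append(("warn", f"signer {name}: no authorized_keys, "
                             "signing requests are not authenticated"))

    for node, cfg in nodes.items():
        cfg = cfg or {}
        held = set(cfg.get("authorized_keys") or [])
        for account in cfg.get("bake_using_accounts") or []:
            for sname, scfg in signers.items():
                scfg = scfg or {}
                if account not in (scfg.get("sign_for_accounts") or []):
                    continue
                required = set(scfg.get("authorized_keys") or [])
                # The baker must hold at least one key the signer lists,
                # otherwise its signing requests fail.
                if required and not (required & held):
                    findings.append(("error", f"node {node}: signer {sname} "
                                     f"requires one of {sorted(required)} "
                                     f"for {account}, node holds none"))
    return findings


SAMPLE_VALUES = {  # constructed sample, hypothetical names except the page's
    "octezSigners": {
        "mysigner": {"sign_for_accounts": ["mybakeraddy"],
                     "authorized_keys": ["my_authorized_key"]},
        "opensigner": {"sign_for_accounts": ["otherbaker"]},
    },
    "nodes": {
        "mybaker": {"bake_using_accounts": ["mybakeraddy"],
                    "authorized_keys": ["my_authorized_key"]},
        "badbaker": {"bake_using_accounts": ["mybakeraddy"]},
        "openbaker": {"bake_using_accounts": ["otherbaker"]},
    },
}

if __name__ == "__main__":
    for severity, message in audit_authorized_keys(SAMPLE_VALUES):
        print(f"{severity}: {message}")
```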