server: add Self Protection mechanism

[CabinfeverB]

What problem does this PR solve?

This PR is used for fix #4373 including add audit logger and rate limiter for HTTP API
(close #4207, #2971, #3111, #3383)

This PR is split to three small ones:
- self protection framework #4469
- implement QPS rate limiter and Audit logger #4470
- add config #4471

What is changed and how it works?

• add SelfProtectionHandler which implement http.Handler and has method to add gRPC interceptor
• implement ApiRateLimiter and Auditlogger in SelfProtectionHandler
• add SelfProtectionHandler middleware in server
• add component name in Header for pdctl

Check List

Tests

• Unit test (to do)
• Integration test (to do)
• Manual test (add detailed scripts or steps below) (to do)

Code changes

• Has configuration change

Side effects

• Possible performance regression

Release note

To be written

[ti-chi-bot]

[REVIEW NOTIFICATION]

This pull request has not been approved.

To complete the pull request process, please ask the reviewers in the list to review by filling /cc @reviewer in the comment.
After your PR has acquired the required number of LGTMs, you can assign this pull request to the committer in the list by filling /assign @committer in the comment to help you merge this pull request.

The full list of commands accepted by this bot can be found here.

Reviewer can indicate their review by submitting an approval review.
Reviewer can cancel approval by submitting a request changes review.

[codecov]

Codecov Report

Merging #4466 (e104967) into master (e7c795f) will decrease coverage by 0.56%.
The diff coverage is 8.67%.

❗ Current head e104967 differs from pull request most recent head 2a10ed3. Consider uploading reports for the commit 2a10ed3 to get more accurate results

@@            Coverage Diff             @@
##           master    #4466      +/-   ##
==========================================
- Coverage   74.96%   74.40%   -0.57%     
==========================================
  Files         264      266       +2     
  Lines       27796    28013     +217     
==========================================
+ Hits        20837    20842       +5     
- Misses       5115     5312     +197     
- Partials     1844     1859      +15     

Flag	Coverage Δ
unittests	74.40% <8.67%> (-0.57%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
pkg/apiutil/apiutil.go	36.61% <0.00%> (-25.29%)	⬇️
server/config/config.go	77.75% <ø> (ø)
tools/pd-ctl/pdctl/command/global.go	67.67% <0.00%> (-1.40%)	⬇️
server/middleware/self_protection.go	5.06% <5.06%> (ø)
server/server.go	71.26% <34.61%> (-1.13%)	⬇️
server/api/server.go	100.00% <100.00%> (ø)
server/middleware/metrics.go	100.00% <100.00%> (ø)
pkg/tempurl/tempurl.go	45.00% <0.00%> (-15.00%)	⬇️
server/region_syncer/client.go	78.90% <0.00%> (-4.69%)	⬇️
server/schedulers/random_merge.go	60.00% <0.00%> (-3.34%)	⬇️
... and 16 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update e7c795f...2a10ed3. Read the comment docs.

[ti-chi-bot]

@CabinfeverB: Adding the "do-not-merge/release-note-label-needed" label because no release-note block was detected, please follow our release note process to remove it.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[rleungx]

seem we need negroni.Handler.

[nolouch]

Consider a better name? For example [middleware]

[nolouch]

better move to pkg?

[CabinfeverB]

close this PR to change spliting small PRs