feat(rpc): Opt-in HTTP RPC API Authorization

[hacdias]

Closes #10187 ← see design requirements and purpose there.

I tried not to touch go-ipfs-cmds. However, what I did in Kubo could've been done there too.

Closes #1532
Closes #2389
CC ipfs/ipfs-webui#1586 ipfs/go-ipfs-api#172

---

Feature Summary

This PR provides Kubo users with a basic HTTP Auth primitives for locking the RPC API down, and exposing only a subset of commands per access token defined in API.Authorization map.

Future work, such as UCANs mentioned here, or sandboxing MSF, keys, IPNS names per user hinted here, could be built on top of this at a later time.

[hacdias]

@lidel I have some concerns / questions here:

• client/rpc already allows to create a new client with a custom http.Client. This allows users to use AuthorizedRoundTripper to create a client. That is nice. However, I think adding a new option would make it much easier. But the way our API is made means that we need to update the coreiface package to include the new option.
• What I have done in Kubo could've been done inside go-ipfs-cmds. Not really sure where it is best to do this, but I want to avoid touching packages we do not need to touch.
• --api-secret asks for the Authorization header value now. Should we do it like that or accept the same structure type:value as in the configuration?

[lidel]

@hacdias quick answers:

1. client/rpc passing custom client is fine for now, let's keep this PR small, we can improve later (add support for creating RPC client with arbitrary options like custom headers and auth).
2. limiting blast radius sgtm, goal here is to establish tests, configuration and UX. we can upstream later if needed.
3. yes, rename --api-secret to --api-auth and make it use the same syntax as config (basic:user:pass or bearer:foo). To make UX nicer, let's assume bearer when : is not present in the string)

• see comments inline below

[lidel]

Thank you @hacdias!

I've added some additional docs and negative tests, should be ready for 0.25.0-rc1.
CI is green, merging.