@tomondre tomondre commented Jul 21, 2025

  • Add support for JWT token-based authentication
  • Implement JWK fetching and caching mechanism from identity provider
  • Add JWT validation using Authlib
  • Modify signin_required decorator to handle JWT bearer tokens
  • Use user idp_issuer, idp_subject to map idp user ids to reana user ids
  • Add test cases for decorator with request context

This change allows users to authenticate with JWT tokens issued by an external identity provider, with token validation performed against the provider's JWK set.

More information on our efforts and progress can be found in this issue
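
The JWK caching and issuer/subject mapping listed in the description above, sketched as an added example (not code from this pull request). It assumes a hypothetical `fetch_jwks` hook that returns the provider's key set, and it leaves signature verification, which the PR does with Authlib, out of scope: `resolve_user` expects claims that have already been verified.

```python
import time

# Constructed sample data (not from the pull request): one IdP key set and a
# user table keyed by the (issuer, subject) pair.
SAMPLE_JWKS = {"keys": [{"kid": "k1", "kty": "RSA", "use": "sig"},
                        {"kid": "enc1", "kty": "RSA", "use": "enc"}]}
USERS = {("https://idp-a.example", "1234"): "user-a",
         ("https://idp-b.example", "1234"): "user-b"}


class JwksCache:
    """Cache an identity provider's JWK set and look up keys by `kid`."""

    def __init__(self, fetch_jwks, ttl=3600, min_refresh=60, clock=time.monotonic):
        self._fetch = fetch_jwks  # hypothetical hook: returns {"keys": [...]}
        self._ttl, self._min_refresh, self._clock = ttl, min_refresh, clock
        self._keys, self._fetched_at = {}, None
        self.fetch_count = 0

    def _refresh(self):
        jwks = self._fetch()
        # Index signature keys only; an encryption key must never verify a token.
        self._keys = {k["kid"]: k for k in jwks.get("keys", [])
                      if "kid" in k and k.get("use", "sig") == "sig"}
        self._fetched_at = self._clock()
        self.fetch_count += 1

    def get_key(self, kid):
        age = None if self._fetched_at is None else self._clock() - self._fetched_at
        if age is None or age >= self._ttl:
            self._refresh()
        elif kid not in self._keys and age >= self._min_refresh:
            # Unknown kid may mean key rotation: refetch, but at most once per
            # min_refresh seconds so bogus kids cannot force a fetch per request.
            self._refresh()
        if kid not in self._keys:
            raise KeyError(f"no signing key with kid {kid!r}")
        return self._keys[kid]


def resolve_user(claims, users=USERS):
    """Map already-verified claims to a local user via (iss, sub), never sub alone."""
    return users.get((claims["iss"], claims["sub"]))
```

Keying the lookup on the pair means two providers that both issue subject `1234` resolve to different local users.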

codecov bot commented Jul 21, 2025

Codecov Report

❌ Patch coverage is 21.42857% with 33 lines in your changes missing coverage. Please review.
✅ Project coverage is 59.58%. Comparing base (e04d1fd) to head (3026da6).

Files with missing lines Patch % Lines
reana_server/utils.py 13.51% 32 Missing ⚠️
reana_server/config.py 50.00% 1 Missing ⚠️

@@            Coverage Diff             @@
##           master     #741      +/-   ##
==========================================
- Coverage   60.04%   59.58%   -0.46%     
==========================================
  Files          32       32              
  Lines        3599     3640      +41     
==========================================
+ Hits         2161     2169       +8     
- Misses       1438     1471      +33     
Files with missing lines Coverage Δ
reana_server/decorators.py 82.60% <100.00%> (+0.79%) ⬆️
reana_server/rest/config.py 58.33% <ø> (ø)
reana_server/rest/gitlab.py 41.50% <ø> (ø)
reana_server/rest/info.py 77.27% <ø> (ø)
reana_server/rest/secrets.py 37.31% <ø> (ø)
reana_server/rest/users.py 42.22% <ø> (ø)
reana_server/rest/workflows.py 50.46% <ø> (ø)
reana_server/config.py 84.92% <50.00%> (-0.36%) ⬇️
reana_server/utils.py 54.59% <13.51%> (-4.57%) ⬇️

@tomondre tomondre marked this pull request as ready for review July 21, 2025 16:48
@tomondre tomondre self-assigned this Jul 21, 2025
garciagenrique commented Jul 22, 2025

Hi @tomondre
Thanks for opening this PR. Please add @michaelbuchar as a reviewer too.
Also, start having a look at and getting familiar with the gh automatic checks, and fix the code so that all the tests pass, please.

Could you also add in the description all the related PRs (REANA-db, client, etc.), please?

@tomondre tomondre requested a review from michaelbuchar July 22, 2025 07:05
@CameronMcClymont
Member

Regarding the failing checks, have a look at Tips for Git for the expected commit message style. You can run the tests locally before you push too if you want, e.g.: `./run-tests.sh --check-commitlint` will tell you if the latest commit on your branch has the correct commit message format.

For the black and flake8 issues, running `black .` usually fixes both.

tomondre added a commit to tomondre/reana-server that referenced this pull request Jul 22, 2025
Uses JWT via Authlib and JWK's for verification
tomondre added a commit to tomondre/reana-server that referenced this pull request Jul 23, 2025
tomondre added a commit to tomondre/reana-server that referenced this pull request Jul 25, 2025
tomondre added a commit to tomondre/reana-server that referenced this pull request Jul 28, 2025
@garciagenrique garciagenrique left a comment

Looks fine to me. I would like a deeper review by the REANA team :) @tiborsimko


if not user:
return jsonify(message="User not signed in"), 401
if token_required and not user.active_token:
Author

The token_required should be refactored, as the user may not have access_token created when accessing the API with JWT token for the first time. This is preferred (see #727)

tomondre added a commit to tomondre/reana-server that referenced this pull request Aug 20, 2025
Uses JWT via Authlib and JWK's for verification
@michaelbuchar michaelbuchar removed their request for review November 21, 2025 08:13