feat: aws-auth plugin

[Lensual]

Description

Implementing the AWS Signature v4 authentication plugin.

Checklist

• I have explained the need for this PR and the problem it solves
• I have explained the changes or the new features added to this PR
• I have added tests corresponding to this change
• I have updated the documentation to reflect this change
• I have verified that this change is backward compatible (If not, please discuss on the APISIX mailing list first)

Attributes

For Consumer:

Name	Type	Requirement	Description
access_key	string	required	Unique access_key for a Consumer. This field supports saving the value in Secret Manager using the APISIX Secret resource.
secret_key	string	required	Unique secret_key for a Consumer. This field supports saving the value in Secret Manager using the APISIX Secret resource.

NOTE: encrypt_fields = {"access_key", "secret_key"} is also defined in the schema, which means that the field will be stored encrypted in etcd. See encrypted storage fields.

For Route:

Name	Type	Requirement	Default	Description
host	string	optional		Host to validate. Without validate if not provided.
region	string	optional		Region to validate. Without validate if not provided.
service	string	optional		Service to validate. Without validate if not provided.
clock_skew	integer	optional	60 * 15	Clock skew allowed by the signature in seconds. The default value is 900 seconds (15 minutes). If X-Amz-Date is not in request parameter, an error will occur. Setting it to 0 will skip checking the date (UNSAFE).
max_req_body	integer	optional	1024 * 512	Max Request Body size. The default value is 512 KiB.
enable_header_method	boolean	optional	true	Enable HTTP authorization header method. The default is true.
enable_query_string_method	boolean	optional	true	Enable Query string parameters method. The default is true.
max_expires	integer	optional	60 * 60 * 24 * 7	Sets the maximum value allowed for the X-Amz-Expires parameter. The default value is 604800 seconds (7 days). Setting it to 0 will skip checking exprires limit (UNSAFE).
extra_must_sign_headers	array of string	optional		The Request Headers that must be signed. Case insensitive.
keep_unsigned_headers	boolean	optional	false	Whether to keep the Unsigned Request Header. The default is false.

[Lensual]

My first lua PR. Please tell me what else needs to be done. And How to. Thanks.

[moonming]

My first lua PR. Please tell me what else needs to be done. And How to. Thanks.

@Lensual nice work, I will ask more committers to review.

[shreemaan-abhishek]

what are the practical use cases for this PR? I see some test cases are failing, please fix them. Also, please include docs that shows how to use this plugin. Once you have done this please mark this PR "ready for review"