auth: Add entitlements to LXD entities (part 1: introduce IsFineGrained field)

[gabrielmougard]

JIRA ticket: https://warthogs.atlassian.net/browse/LXD-2208
Specification link: https://docs.google.com/document/d/1GxWV5J57MLrjGEY5RDG7eS86J99A8RMmjKTpn0mEhgY/edit?tab=t.0

---

This is the first part of a group of three stacked PRs.

• Second part: auth: Add entitlements to LXD resources (part 2: Get entitlements from Authorizer interface) #14746
• Third part: auth: Add entitlements to LXD resources (part 3: Enrich LXD resources with entitlements) #14748

---

This introduces a new FineGrained boolean field in IdentityInfo (returned from GET /1.0/auth/identities/current) to let a user know if he is currently using a fine grained authentication method. This PR also introduce the entities_with_entitlements extension.

---

How to query the API using fine grained auth (this is just a reminder for me)

# Add TLS certificate to LXD (this can be done through LXD UI. Download the .pfx file)
# Create an auth group
lxc auth group create test-group

# Add an new identity to this group ("lxd-ui" is my TLS certificate identifier created by LXD UI)
lxc auth identity group add tls/lxd-ui test-group-1

# Create resources and add permissions to them
lxc auth group permission add test-group-1 instance c1 can_view project=default

# Create a .pfx certificate (with password "1234") and associate it to an auth group and give it some permissions. You can call the API like the following to perform fine-grained calls:
curl --insecure --cert-type P12 --cert lxd-ui-fine-grained-tls.pfx:1234 "https://127.0.0.1:8443/1.0/instances/c1?recursion=1&with-entitlements=can_view" | jq '.'

The CURL output should give you something like:

{
  "type": "sync",
  "status": "Success",
  "status_code": 200,
  "operation": "",
  "error_code": 0,
  "error": "",
  "metadata": {
    "entitlements": [
      "can_view"
    ],
    "name": "c1",
    "description": "this is a test ",
    "status": "Running",
    "status_code": 103,
    "created_at": "2024-11-12T09:58:54.960586253Z",
    "last_used_at": "2024-11-16T12:15:13.572661467Z",
    "location": "none",
    "type": "container",
    ...
  }
}

[tomponline]

"resources" means something else in LXD as we have /1.0/resources so we should find a different name for this conceptual change.

Would entities be more appropriate?

[gabrielmougard]

"resources" means something else in LXD as we have /1.0/resources so we should find a different name for this conceptual change.

Would entities be more appropriate?

Yes, entities seems better. I'll change the naming. Thanks!

[tomponline]

Please make the changes as discussed, thanks.

Please update the PR description to demonstrate the actual API change being made here. Ta

[markylaing]

Just a couple of small nits :)