EPIC: Add Authentication to TaaS

[nonsense]

Description

At the moment TaaS doesn't have authentication, so any project which targets the publicly accessible HTTP endpoint of the testground daemon can schedule testplan runs on it.

This results in many forks of IPFS, Lotus, etc. that have configured to schedule testplan runs on TaaS to also schedule runs on TaaS, overwhelming the TaaS deployment for no good reason.

Basically anyone who runs testground run composition -f some-composition.toml on a client machine where the client is configured to target a publicly accessible TaaS deployment can schedule tasks.

[client]
endpoint = "https://ci.testground.ipfs.team"

Since the new cluster will be hosted on EKS, the solution should ideally use AWS resources as much as possible.

What defines this endeavor to be complete

• Investigate authentication support for the TaaS cluster on EKS
• Write a design doc, and invite others to discuss the proposal

Once the tasks above have been completed, we can open a new task to implement Auth.

2022-09-19: Added notes from last week's meeting

[BigLep]

2022-03-10 note: DNS is managed by Route53 in the AWS account

There is no existing design for authentication, but this will presumably be token based.

[brdji]

2022-09-19: Added notes from last week's meeting