feat: Pre-Signed URL Signatures with Storage JWT Secret

[itslenny]

What kind of change does this PR introduce?

Feature

What is the current behavior?

URLs can only be signed using the tenant jwt secret associated with the project

What is the new behavior?

• Use a new tenant specific "url signing jwk" to sign urls
• Generate url signing jwk for all existing tenants using the worker queue
• Create url signing jwk for new tenants
• Allow user-submitted jwks (including asymmetric) to be used for self-signing of URLs
• Legacy JWT Secret is still used as fallback validation to ensure previously created long lived URLs are still valid

[coveralls]

Pull Request Test Coverage Report for Build 14273943858

Details

• 545 of 608 (89.64%) changed or added relevant lines in 16 files are covered.
• 4 unchanged lines in 3 files lost coverage.
• Overall coverage increased (+1.2%) to 77.778%

---

Changes Missing Coverage	Covered Lines	Changed/Added Lines	%
src/config.ts	41	42	97.62%
src/http/plugins/signature-v4.ts	7	8	87.5%
src/http/routes/admin/tenants.ts	25	26	96.15%
src/storage/events/workers.ts	1	2	50.0%
src/storage/object.ts	7	8	87.5%
src/admin-app.ts	8	10	80.0%
src/internal/auth/jwt.ts	33	35	94.29%
src/internal/auth/generators/jwk-generator.ts	61	71	85.92%
src/internal/database/tenant.ts	179	191	93.72%
src/storage/events/jwks-create-signing-secret.ts	28	60	46.67%

Files with Coverage Reduction	New Missed Lines	%
src/internal/database/tenant.ts	1	75.29%
src/storage/events/workers.ts	1	55.56%
src/internal/queue/event.ts	2	50.54%

Totals
Change from base Build 14262883028:	1.2%
Covered Lines:	16227
Relevant Lines:	20700

---

💛 - Coveralls

[fenos]

Overall looks great!
Just left some questions / small improvements to consider improving

[github-actions]

🎉 This PR is included in version 1.21.0 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀