feat: pulsar oauth

[tabVersion]

I hereby agree to the terms of the RisingWave Labs, Inc. Contributor License Agreement.

What's changed and what's your intention?

• use pulsar API for enumerator
• support pulsar oauth

integration with stream native cloud

Checklist For Contributors

• I have written necessary rustdoc comments
  - [ ] I have added necessary unit tests and integration tests
  - [ ] I have added fuzzing tests or opened an issue to track them. (Optional, recommended for new SQL features Sqlsmith: Sql feature generation #7934).
• I have demonstrated that backward compatibility is not broken by breaking changes and created issues to track deprecated features to be removed in the future. (Please refer to the issue)
• All checks passed in ./risedev check (or alias, ./risedev c)

Checklist For Reviewers

• I have requested macro/micro-benchmarks as this PR can affect performance substantially, and the results are shown.

Documentation

• My PR DOES NOT contain user-facing changes.

Click here for Documentation

Types of user-facing changes

Please keep the types that apply to your changes, and remove the others.

• Connector (sources & sinks)

Release note

remove field: admin.url
new fields: oauth.issuer.url, oauth.credentials.url, oauth.audience and oauth.scope

field	required	discription
topic	yes	if topic starts with non-persistent://, it can never seek to a specific position and will always read from latest with no exactly once guarantee.
service.url	yes	service URL for pulsar, starts with pulsar:// or pulsar+ssl://
scan.startup.mode	no	default: earliest. accept one of earliest, latest
scan.startup.timestamp_millis	no	if specified, the reader will start reading from the timestamp. note that if the topic is non-persistent, it will read from the latest.
auth.token	no	a token for auth
oauth.issuer.url	conditional	the issuer URL for OAuth2
oauth.credentials.url	conditional	the path for credential files, starts with file://
oauth.audience	conditional	audience for OAuth2
oauth.scope	conditional	scope for OAuth2

Note that if user both setoauth.* auth and auth.token, only oauth authorisation is effective.

if oauth.* provided

field	required
oauth.issuer.url	yes
oauth.credentials.url	yes
oauth.audience	yes
oauth.scope	no

we require admin privileges for the role.

[tabVersion]

it involves auth part, manually tested on stream native cloud

[lmatz]

LGTM

[codecov]

Codecov Report

Merging #8222 (af21721) into main (1ad23ba) will decrease coverage by 0.07%.
The diff coverage is 0.00%.

@@            Coverage Diff             @@
##             main    #8222      +/-   ##
==========================================
- Coverage   71.65%   71.59%   -0.07%     
==========================================
  Files        1131     1130       -1     
  Lines      184150   184013     -137     
==========================================
- Hits       131948   131736     -212     
- Misses      52202    52277      +75     

Flag	Coverage Δ
rust	71.59% <0.00%> (-0.07%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
...c/connector/src/source/pulsar/enumerator/client.rs	0.00% <0.00%> (-88.64%)	⬇️
src/connector/src/source/pulsar/mod.rs	0.00% <0.00%> (ø)
src/connector/src/source/pulsar/source/reader.rs	0.00% <0.00%> (ø)
src/connector/src/source/pulsar/topic.rs	69.01% <0.00%> (-17.61%)	⬇️
src/storage/src/hummock/sstable/block.rs	93.90% <0.00%> (-1.83%)	⬇️
src/meta/src/hummock/mock_hummock_meta_client.rs	64.94% <0.00%> (-1.04%)	⬇️
...torage/src/hummock/local_version/pinned_version.rs	88.75% <0.00%> (-0.63%)	⬇️
src/common/src/cache.rs	97.15% <0.00%> (-0.11%)	⬇️
src/common/src/types/ordered_float.rs	31.06% <0.00%> (+0.19%)	⬆️

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more