Support identity placeholder in MQTT server route topics

[epieffe]

Support reference to {guarded[...].identity} in MQTT server routes[].when[]publish[].topic and routes[].when[]subscribe[].topic configurations.

This can be used to restrict clients to publish and subscribe only to topics that match their own identity.

example:

  north_mqtt_server:
    type: mqtt
    kind: server
    options:
      authorization:
        jwt:
          credentials:
            connect:
              username: Bearer {credentials}
    routes:
      - guarded:
          jwt:
            - mqtt:device
        when:
          - publish:
              - topic: device/{guarded[jwt].identity}/location
          - subscribe:
              - topic: device/{guarded[jwt].identity}/update
        exit: north_mqtt_kafka_proxy

Using the above configuration, if a client has the scope JWT claim equal to mqtt:device and the sub JWT claim equal to d123, it can only publish to topic device/d123/location and subscribe to topic device/d123/update.

An other client with the same scope claim, but with the sub claim equal to d456, can only publish to topic device/d456/location and subscribe to topic device/d456/update.

Fixes #421

[epieffe]

I need your support on a few points:

• How can I efficiently test and debug my changes on my local machine? Right now I am planning to use the Docker image generated by the docker-image maven module, but it's going to be sloow!
• I would like some hint on how to write proper automated tests, if necessary.

Please let me know!

EDIT: I did some tests on my local machine using the Docker image generated by the docker-image maven module and it seems to work correctly.

Unfortunately the issue is a bit more complex than I initially thought: since the topic pattern is now dynamic, because it can change for every user identity, the regex cannot be pre-compiled and stored in the MqttConditionMatcher class, but it needs to be compiled every time. This might produce small a performance penalty and I don't know if it is acceptable.

Probably the best option would be to stop using regex for topic matching and implement a custom method for that. I did a quick Google search and it seems that other MQTT brokers do the same, like Mosquitto (implementation here) or HiveMQ (implementation here).

I also changed the placeholder syntax from ${guarded['...'].identity} to {guarded[...].identity} to make regex validation a bit easier, and this is also more similar to the other placeholders available in other Zilla configs. Hope you agree with that.

Please let me know what you think!

EDIT 2: I added a second commit to the PR that replaces regex with a custom logic for topic matching.