Allow specifying multiple API keys with different authorizations

[jander-msft]

It appears that Prometheus does support authorization: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config

This means we can allow securing the /metrics endpoint with API key authorization. However, we would likely want to configure a separate API key for metrics that is different than the API key used for the other routes.

Configuration could look like:

{
    "ApiAuthentication": {
        "Hashes": [{
            "Name": "MyKey",
            "Value": "<Base 64 Encoded Hash of Key>",
            "Algorithm": "SHA256",
            "Authorizations": [
                "all"
            ]
        },{
            "Name": "PrometheusKey",
            "Value": "<Base 64 Encoded Hash of Key>",
            "Algorithm": "SHA256",
            "Authorizations": [
                "metrics"
            ]
        }]
    }
}

This allows for multiple scenarios:

• Securing the /metrics endpoint from unauthorized access.
• Allowing finer grained preconfigured authorizations. For example, could have authorizations for each route, for different types of egress, etc.
• Ability to log the name of the key that was used for each access to a route.

[jander-msft]

.NET Monitor does not currently support authorization scopes except for in the case of Entra ID authentication where a single scope is necessary to allow the use of .NET Monitor for each user. Additionally, there is no plan to add support for multiple API keys as there has not been any customer feedback for this. If fine-grained authorization is added and customers ask for multiple API keys, this can be revisited.