feat: add external authorization service (authzd) with JWT authentication

- Add new authzd gRPC service implementing Envoy's external authorization API
- Integrate JWT authentication filter in Envoy configuration with claim extraction
- Update middleware to support both cookie-based and header-based user authentication
- Add comprehensive test coverage for authorization service and server
- Configure proper service orchestration with authzd, sparkled, and Envoy
- Update build system and Docker configuration for multi-service deployment
- Add grpcurl tool for gRPC service debugging and testing

This enables fine-grained authorization control through Envoy's ext_authz filter
while maintaining backward compatibility with existing cookie-based authentication.

2 files changed, 3 insertions, 4 deletions

diff --git a/bin/entrypoint.sh b/bin/entrypoint.sh
index 28d6c5f..eb7dc07 100755
--- a/bin/entrypoint.sh
+++ b/bin/entrypoint.sh
@@ -5,5 +5,4 @@ set -e
 [ -n "$DEBUG" ] && set -x
 
 cd "$(dirname "$0")/.."
-echo "[$(date "+%H:%M:%S")] ==> Starting…"
-./bin/envoy.sh & ./bin/sparkled
+./bin/envoy.sh & ./bin/authzd & ./bin/sparkled
diff --git a/bin/envoy.sh b/bin/envoy.sh
index 67ea54c..7f2dcee 100755
--- a/bin/envoy.sh
+++ b/bin/envoy.sh
@@ -29,8 +29,8 @@ if ! command -v envoy; then
   exit 1
 fi
 
-echo "[$(date "+%H:%M:%S")] ==> Starting…"
+# https://github.com/envoyproxy/envoy/blob/48f93b68232aba15b5b14743a134691926749122//source/common/common/logger.h#L36
 envoy \
   --config-yaml "$yaml" \
   --log-level warn \
-  --component-log-level oauth2:trace
+  --component-log-level admin:warn,connection:warn,ext_authz:info,grpc:info,health_checker:warn,http:warn,http2:warn,jwt:warn,oauth2:warn,router:warn,secret:warn,upstream:warn