
Add vmauth as HTTP LoadBalancer option for VMCluster

Open f41gh7 opened this issue 1 year ago • 0 comments

Currently, traffic to vmselect and vminsert components is routed via a Kubernetes Service. It provides a connection-based access model to the endpoint components behind it. Since it's a common practice for client applications to re-use established connections, it's most likely that request traffic will be distributed unevenly between application replicas. It makes resource usage less efficient.

There are multiple ways to mitigate this issue. One of the most straightforward ways to mitigate it - enable client-side load-balancing via a Service-Mesh mechanism. But it's an external component that has to be installed by Kubernetes cluster administrators. It's out of the scope of the operator to do that. We can only provide a recommendation in the documentation for it.

It brings us to the second option - use an HTTP load-balancing proxy in front of vmselect/vminsert. And it's a good task for vmauth.

Proposed solution:

  • create vmauthBalacing spec definition at VMCluster.
  • it must have enabled boolean flag.
  • when enabled it must create additional deployment with vmauth component.
  • it must include common application options - such as version, replicas, resources, deployment configuration options.
  • vmauth config must have unauthorized section with routing to vmselect/vminsert by prefix.
  • operator must update vmselect and vminsert services to point to the vmauth instead of vminsert/vmselect components
  • it's also required to create additional services for vmauth -> vminsert/vmselect communication
  • enabling/disabling load-balancing option should be without downtime.

f41gh7 avatar Oct 21 '24 02:10 f41gh7
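The imbalance described in the issue, as an added example that is not part of the original issue or the operator's code: it compares per-replica request counts when the backend is chosen once per connection (Service behaviour) and once per request (an HTTP proxy in front of the replicas). The workload numbers, the function names and the round-robin policy are assumptions made for illustration and do not represent vmauth's own balancing policy.

```go
package main

import "fmt"

// Constructed workload: each client holds one keep-alive connection and
// sends this many requests over it during the observation window.
var clientRequests = []int{9000, 200, 150, 100, 50, 500}

// connectionPinned models connection-based balancing: a replica is chosen
// when the connection is opened and every request on it lands there.
func connectionPinned(replicas int, perClient []int) []int {
	load := make([]int, replicas)
	for i, n := range perClient {
		load[i%replicas] += n // connections are spread evenly, requests are not
	}
	return load
}

// perRequest models an HTTP proxy in front of the replicas: a replica is
// chosen for every request (round-robin, an assumption for this example).
func perRequest(replicas int, perClient []int) []int {
	load := make([]int, replicas)
	next := 0
	for _, n := range perClient {
		for r := 0; r < n; r++ {
			load[next%replicas]++
			next++
		}
	}
	return load
}

// spread returns the gap between the busiest and the idlest replica.
func spread(load []int) int {
	lo, hi := load[0], load[0]
	for _, v := range load[1:] {
		if v < lo {
			lo = v
		}
		if v > hi {
			hi = v
		}
	}
	return hi - lo
}

func main() {
	pinned := connectionPinned(3, clientRequests)
	proxied := perRequest(3, clientRequests)
	fmt.Println("per-connection:", pinned, "spread:", spread(pinned))
	fmt.Println("per-request:   ", proxied, "spread:", spread(proxied))
}
```

Each replica receives exactly two connections in the pinned case, yet one replica still serves most of the requests because a single busy client stays on it.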