wasmcloud-otp

Evaluate operations against a policy enforcer over NATS

Open brooksmtownsend opened this issue 2 years ago • 0 comments

Implementation of the host-side of the RFC #439

This PR includes a new module, HostCore.Policy.Manager, which is responsible for taking a source, target, and action and querying a policy topic for an assertive allow or deny. This only occurs when a host is configured to use a policy topic, WASMCLOUD_POLICY_TOPIC, and quickly returns an allow in the case that no policy topic is configured.

In the case that a policy query times out (e.g. isn't answered by a policy enforcer), the wasmCloud host fails closed and will not allow the request to go through. Note that this means that when a host is configured with a policy topic that is invalid, or when a policy server goes down, no actors or providers can be started that haven't been previously authorized, and no invocations can go through that haven't already happened between existing resources (cc @stevelr @autodidaddict).

When policy requests are denied due to invalid structures or timing out, those results will not be cached.

Some side effects that might not be initially obvious and need some extra thought:

  1. If a policy topic is configured by accident or with a typo, the first request to do any new action (start a new actor, perform an invocation, etc.) will take 2 seconds longer as it waits to time out. This timeout probably needs to be adjusted, as 2 seconds is enough to fail any invocation with the default RPC timeout (assuming it's coming from a provider).
  2. If a policy request is invalid (e.g. missing an issuer key), it's allowed without consulting the policy engine. We control writing these requests in the host so it shouldn't be an issue, but if an actor is missing an issuer I could see the argument to deny it.

Still TODO:

  • [x] Implement WASMCLOUD_POLICY_CHANGES_TOPIC to invalidate portions of the cache
  • [x] Implement policy evaluation for start_provider and perform_invocation

brooksmtownsend, Aug 10 '22 15:08
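
The decision flow this description lays out (allow when no policy topic is set, fail closed on timeout, never cache timeout or malformed-reply denials), modelled in Python as an added example; it is not code from the PR or from wasmCloud. The `ask` callback stands in for a NATS request/reply, and the field names, ids and the `policy.eval` topic are assumptions.

```python
# Added illustration, not HostCore.Policy.Manager. Field names ("id", "issuer",
# "permitted") and every function name here are assumptions.
from dataclasses import dataclass

TIMEOUT_S = 2.0  # the 2-second policy timeout mentioned in the description


@dataclass(frozen=True)
class Decision:
    permitted: bool
    reason: str


def evaluate(topic, source, target, action, ask, cache):
    """ask(topic, request, timeout) returns a dict or raises TimeoutError."""
    if not topic:
        return Decision(True, "no policy topic configured")
    if not (source.get("id") and source.get("issuer") and target.get("id")):
        # Side effect 2: an invalid request is allowed without a query.
        return Decision(True, "invalid request, policy engine not consulted")
    key = (source["id"], target["id"], action)
    if key in cache:
        return cache[key]
    request = {"source": source, "target": target, "action": action}
    try:
        reply = ask(topic, request, TIMEOUT_S)
    except TimeoutError:
        return Decision(False, "policy request timed out")  # fail closed, not cached
    if not isinstance(reply, dict) or not isinstance(reply.get("permitted"), bool):
        # "Invalid structures" is read here as a malformed reply: deny, not cached.
        return Decision(False, "malformed policy response")
    cache[key] = Decision(reply["permitted"], "policy enforcer decision")
    return cache[key]


def run_demo():
    """Constructed scenario: enforcer down, enforcer up, enforcer down again."""
    calls, cache = [], {}
    def down(topic, request, timeout):
        calls.append("down")
        raise TimeoutError
    def up(topic, request, timeout):
        calls.append("up")
        return {"permitted": True}
    actor, provider = {"id": "MACTOR", "issuer": "AISSUER"}, {"id": "VPROVIDER"}
    steps = [(None, actor, down), ("policy.eval", actor, down), ("policy.eval", actor, up),
             ("policy.eval", actor, down), ("policy.eval", {"id": "MACTOR"}, up)]
    results = [evaluate(t, src, provider, "perform_invocation", ask, cache) for t, src, ask in steps]
    return results, calls
```

In `run_demo` the fourth call succeeds while the enforcer is down only because the third call cached an allow, which is the "previously authorized" behaviour the description notes; the timed-out second call left nothing in the cache.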