authenticate: make service http only

- Rename SessionState to State to avoid stutter.
- Simplified option validation to use a wrapper function for base64 secrets.
- Removed authenticates grpc code.
- Abstracted logic to load and validate a user's authenticate session.
- Removed instances of url.Parse in favor of urlutil's version.
- proxy: replaces grpc refresh logic with forced deadline advancement.
- internal/sessions: remove rest store; parse authorize header as part of session store.
- proxy: refactor request signer
- sessions: remove extend deadline (fixes #294)
- remove AuthenticateInternalAddr
- remove AuthenticateInternalAddrString
- omit type tag.Key from declaration of vars TagKey* it will be inferred
  from the right-hand side
- remove compatibility package xerrors
- use cloned http.DefaultTransport as base transport

cmd/pomerium/main_test.go

@@ -21,9 +21,6 @@ import (
 )
 
 func Test_newAuthenticateService(t *testing.T) {
-	grpcAuth := middleware.NewSharedSecretCred("test")
-	grpcOpts := []grpc.ServerOption{grpc.UnaryInterceptor(grpcAuth.ValidateRequest)}
-	grpcServer := grpc.NewServer(grpcOpts...)
 	mux := http.NewServeMux()
 
 	tests := []struct {
@@ -56,7 +53,7 @@ func Test_newAuthenticateService(t *testing.T) {
 				testOptsField.Set(reflect.ValueOf(tt).FieldByName("Value"))
 			}
 
-			_, err = newAuthenticateService(*testOpts, mux, grpcServer)
+			_, err = newAuthenticateService(*testOpts, mux)
 			if (err != nil) != tt.wantErr {
 				t.Errorf("newAuthenticateService() error = %v, wantErr %v", err, tt.wantErr)
 				return