authorize: add authorization (#59)

* authorize: authorization module adds support for per-route access policy. In this release we support the most common forms of identity based access policy: `allowed_users`, `allowed_groups`, and `allowed_domains`. In future versions, the authorization module will also support context and device based authorization policy and decisions. See website documentation for more details.
 * docs: updated `env.example` to include a `POLICY` setting example.
 * docs:  added `IDP_SERVICE_ACCOUNT` to  `env.example` .
 * docs: removed `PROXY_ROOT_DOMAIN` settings which has been replaced by `POLICY`.
 * all: removed `ALLOWED_DOMAINS` settings which has been replaced by `POLICY`. Authorization is now handled by the authorization service and is defined in the policy configuration files.
 * proxy: `ROUTES` settings which has been replaced by `POLICY`.
* internal/log: `http.Server` and `httputil.NewSingleHostReverseProxy` now uses pomerium's logging package instead of the standard library's built in one.

Closes #54
Closes #41
Closes #61
Closes #58

docs/guide/from-source.md

@@ -27,17 +27,19 @@ The command will run all the tests, some code linters, then build the binary. If
 
 ## Configure
 
-Make a copy of the [env.example] and name it something like `env`.
+### Environmental Configuration Variables 
 
-```bash
-cp env.example env
-```
+Create a environmental configuration file modify its configuration to to match your [identity provider] settings. For example, `env`: 
 
-Modify your `env` configuration to to match your [identity provider] settings.
+<<< @/env.example
 
-```bash
-vim env
-```
+
+### policy.yaml
+Next, create a policy configuration file which will contain the routes you want to proxy, and their desired access-controls. For example, `policy.example.yaml`:
+
+<<< @/policy.example.yaml
+
+### Certificates
 
 Place your domain's wild-card TLS certificate next to the compose file. If you don't have one handy, the included [script] generates one from [LetsEncrypt].