Action runs should have access to running user's JWT token #1756

@dandelany

Summary

Propagate the user’s JWT to the Action Server so actions can authenticate against other services under the same identity provider.

Background

As discussed with @parkerabercrombie and @mattdailis, Actions will need to call external services that rely on the same identity provider as Aerie, and those calls must be made under the running user’s authenticated context. Currently, neither the UI’s request to start an action run nor its subsequent transient secrets request to the Action Server includes the user’s JWT. As a result, the Action Server cannot authenticate these requests, and actions cannot use the user’s existing identity to call external services that share the same identity provider.

Requirements

  • Each action run includes a transient secrets request that includes the user’s JWT.
  • Action Server authenticates this request and validates the JWT.
  • The action runner includes the JWT in the secrets object that it passes to the action (alongside other transient secrets), and the user is able to access it in their action code.
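
One way the Action Server side of these requirements could look, as an added example that is not Aerie code or part of the issue. It assumes an HS256 token signed with a shared key; the names `verifyJwt`, `buildActionSecrets`, `signToken` and the `userJwt` secrets key are hypothetical.

```javascript
// Added illustration, not Aerie code. verifyJwt, buildActionSecrets, signToken
// and the "userJwt" secrets key are hypothetical; HS256 with a shared key is assumed.
const crypto = require("node:crypto");

const b64url = (value) => Buffer.from(value).toString("base64url");

// Verify an HS256 JWT: pinned algorithm, constant-time signature check, expiry.
function verifyJwt(token, key, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("malformed token");
  const [h, p, sig] = parts;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(h, "base64url").toString("utf8"));
    claims = JSON.parse(Buffer.from(p, "base64url").toString("utf8"));
  } catch { throw new Error("malformed token"); }
  // Pin the algorithm; never let the token header choose it (rejects "none").
  if (header?.alg !== "HS256") throw new Error("unexpected alg");
  const expected = crypto.createHmac("sha256", key).update(`${h}.${p}`).digest();
  const given = Buffer.from(sig, "base64url");
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected))
    throw new Error("bad signature");
  if (typeof claims?.exp !== "number" || claims.exp <= nowSec) throw new Error("expired");
  return claims;
}

// Handle the transient secrets request: authenticate first, then pass the raw
// token to the action alongside the other transient secrets. userJwt is spread
// last so a caller-supplied key of the same name cannot replace the verified token.
function buildActionSecrets(authorizationHeader, transientSecrets, key, nowSec) {
  const m = /^Bearer ([\w-]+\.[\w-]+\.[\w-]+)$/.exec(authorizationHeader || "");
  if (!m) throw new Error("missing bearer token");
  const claims = verifyJwt(m[1], key, nowSec);
  return { user: claims.sub, secrets: { ...transientSecrets, userJwt: m[1] } };
}

// Builds constructed sample tokens for trying the functions above.
function signToken(claims, key, alg = "HS256") {
  const head = `${b64url(JSON.stringify({ alg, typ: "JWT" }))}.${b64url(JSON.stringify(claims))}`;
  return `${head}.${crypto.createHmac("sha256", key).update(head).digest("base64url")}`;
}
```

The returned `secrets` object holds a live bearer credential, so it should be kept out of run logs and persisted action results in the same way as the other transient secrets.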

Labels: 3.8.0, action, clipper (Requests from the Europa Clipper project), feature (A new feature or feature request)

Status: Todo