refactor(rust): extract a credential refresher from the credential retriever

[etorreborre]

This PR refactors part of the support for refreshing credentials in the background.

Configuration

The configuration for the CredentialRetriever is now just limited to pure data. CredentialRetrieverOptions are:

pub enum CredentialRetrieverOptions {
    /// No credential retrieval is required
    None,
    /// Credentials must be retrieved from cache, for a given issuer
    CacheOnly(Identifier),
    /// Credentials are retrieved via a remote authority
    Remote {
        /// Routing information to the issuer
        retriever_info: RemoteCredentialRetrieverInfo,
        /// Timing options for retrieving credentials
        retriever_timing_options: RemoteCredentialRetrieverTimingOptions,
        /// Timing options for refreshing credentials
        refresher_timing_options: RemoteCredentialRefresherTimingOptions,
    },
    /// Credentials have been provided in-memory
    InMemory(CredentialAndPurposeKey),
}

This provides a better separation between "configuring" and "initializing / running".

Refresher creation

The instantiation of a CredentialsRefresher, for a given issuer + identity is done at the last moment, when creating a secure channel:

• This removes the need for a CredentialsRetrieverCreator.
• This removes the need for no-op functions since refresh is only relevant for a remote credential retriever.

Retrievers / Refreshers

The functionality for retrieving credentials has been divided into:

• IssuerClient: can create a secure channel to an issuer on another node and ask for a credential

• CredentialRequest: can be executed to issue a credential for a specific pair issuer / subject

  • It is used to make sure that we don't try to concurrently retrieve the same credential.
  • The request has a run() method calling the issuer client and then caching the issued credential.

• CredentialsCache: stores credentials locally and makes sure that they are not expired when they are retrieved from storage.

• CredentialIssuer: this struct represents an issuer that we wish to access to get credentials

  • It creates credential requests when we need to get credentials for a given subject

• CredentialRefresher: periodically asks the credential issuer to get new credentials so that we never have expired
  credentials for a given identity. It can also notify subscribers that new credentials are available.
  This feature is used to send a CredentialRefresh message on secure channels used by the subject.

• RemoteCredentialRetriever: implementation of a CredentialRetriever accessing a remote issuer.
  It can spawn refreshers, one per subject.

   +--------------+
   | IssuerClient |
   +--------------+
            ^
            |
   +-------------------+            +------------------+
   | CredentialRequest |----------->| CredentialsCache |
   +-------------------+            +------------------+
            ^                                ^
            |                                |
   +------------------+             +---------------------+
   | CredentialIssuer |<------------| CredentialRefresher |
   +------------------+             +---------------------+
             ^                               ^
             |                               |
             |        +----------------------+
             |        |
   +---------------------------+
   | RemoteCredentialRetriever |
   +---------------------------+