This commit adds a new option optionally disable authentication for the
`/metrics` endpoint in the pulsar-proxy.

Currently, authentication is required for the metrics endpoint when
authentication is enabled, which makes monitoring more difficult.
However, rather than just disable it completely and allow for metrics to
be exposed to any unknown user, this makes it opt in.

It could be argued that it should default to false, but as it is likely
that the proxy is the only component potentially exposed to the public internet, we
default to not exposing data.

Fixes #4920

fixes #4359

same as #3776

Use at least 8 threads to avoid having Jetty go into threads starving and
having the possibility of getting into a deadlock where a Jetty thread is
waiting for another HTTP call to complete in same thread.

Revert "[pulsar-common] add option that field can be empty"

This reverts commit e1e62bbaf0448867d9ab6af1efb23a46e4de947a.

set optional param

fix tests

fix configs

fix test

fix test

### Motivation

https://github.com/apache/pulsar/wiki/PIP-28%3A-Pulsar-Proxy-Gateway-Improvement


### Modifications

added a new handler **ParserProxyHandler.java** to parse requests independently and output

Fixes #3655

Master Issue: #3491

### Motivation
add support of Kerberos authentication for proxy

### Modifications
add support of Kerberos authentication for proxy ;
add unit test.

### Verifying this change
Ut passed

* [pulsar-broker] auto refresh new tls certs for jetty webserver

* Fix: function worker

* revert expired test

* Configure limited number of threads in Jetty executor

* Fixed parenthesis position

* Fixed usage of ExecutorThreadPool

* join() -> stop()

* Another fix for ExecutorThreadPool

* Increased default number of threads since these are also shared with proxy client

### Motivation
Start Pulsar services (broker, proxy, websocket, discovery) in TLS only mode, so that they only listen on TLS ports.

Once TlsPort is set tlsEnabled flag becomes redundant information - hence getting rid of the flag in relevant components.

### Modifications

a. Changed the Ports to Option<Integer> in the configuration file.
b. In Websocket Service there was a bug where we used 'tlsEnabled' flag to start listening on a TLS port and to talk to broker in on serviceUrlTls - separated the flag into two (tlsEnabled and brokerClientTlsEnabled) and deprecated tlsEnabled.
c. Fixed a lot of tests which relied on tlsEnabled flag.

### Result
Brokers can now listen to TLS only port.

* [conf] Add annotations for documenting proxy configuration settings

*Motivation*

It is non-trivial to keep configuration in-sync between code and configuration file.
The change is introducing documentation related annotations. So the annotations can be used
for generating proxy configuration file.

This controls the amount of data the http proxy will buffer before flushing
to the client. Setting this to something very low facilitates
streaming usecases with the reverse proxy.

* Allow user to configure proxy as reverse HTTP proxy

Users normally want to expose as few endpoints as possible. This patch
enables configuring the pulsar proxy as a review http proxy, so that
it can be used as a single endpoint for all pulsar and even non-pulsar
HTTP services.

The reverse proxy uses jetty's builtin implementation.

It is configured in proxy.conf, in the form

httpReverseProxy.NAME.path = '/path-on-pulsar-proxy-endpoint'
httpReverseProxy.NAME.proxyTo = 'http://internal-server/some-app'

where NAME is any user defined string. Multiple paths can be
configured this way.

* Add jetty logging at info level for tests

[proxy][functions] Issue #2154: proxy should be able to forward rest requests to function workers cluster (#2560)

*Motivation*

Function workers can be deployed as a separate cluster. If so, proxy is not able to forward the functions
related rest calls to the correct server.

*Changes*

Add two settings in proxy configuration to allow proxy configuring forwarding functions related rest calls
to function worker cluster.

*Tests*

Verified with changes in integration tests (manually). It is hard to add the integration tests based on
current integration tests. will add them in a separate PR.

### Motivation

Increasing the default value of `maxConcurrentLookupRequests` from 10K to 50K to increase limit of sustainable lookups before rejecting requests.

* Fix REST APIs provided by Pulsar proxy

* Rename status file for test

* Exclude status file from license check

* Add license header to status file

* Proxying HTTP request in the same way as Pulsar wire protocol

Issue 1014: Rename "global zookeeper" to "configuration-store"(change in code, conf and cli) (#1059)

* global-zookeeper => configuration-store: change in code, conf and cli

* change following @sijie's comments

* remove un-used imports

* change following @ivan's comments

* change following comments

* fix rebase error

* change for PR #1572 and #1223, fix integration fail

* Fix cube definitions after global zookeeper is renamed to configuration-store

* Hide deprecated options and few more adjustments

* Fixed required status of global-zk argument in cluster init tool

* Limit the memory usage for processes

* Fix the aliases and limit the memory usage

* remove environment settings

* Fix time.sleep at watch-znode.py

* revert unstarted to use started yml

* Fix invalid `""`

* Add Configuration to set tlsClientAuth

* Fixed ProxyPublishConsumeTlsTest

* Handled Matteos PR review comments

* Negative Tests

* Changed the Client Auth to ENUM

* Addressed Matteo's PR review Comments

* Removed unused imports

* Added client Cert to HTTPS

* Split the test case

* Replace tlsReqTrustedClientCertOnConnect with tlsRequireTrustedClientCertOnConnect

* Use brokerClientTlsTrustCertsFilePath to configure the trust file path for outgoing connection to a broker

* Separating configuration for client and server trust store

* Addressed Matteo's PR Comments

* Add REST api to check host-status for adding/removing from vip

* move vipStatus to common place

* address comment

* Add pluggable authorization service

fix: move FutureUtils to common and fix import

add grantpermission api

take default auth method

pass authData to authorization provider

keep single authorization provider

* fix rebase change

* Support hostname verification on proxy to broker connection

* remove dep and rename config

* Updates headers with ASF source files header

* change license to additional files

* Generalize PulsarConfigurationLoader

* fix: PulsarConfigurationLoader Test