#632 User authentication

[vincent-zurczak]

In case of successful review, thanks for squashing these commits into a single one during the merge operation.

This PR adds the possibility to enable authentication on Karaf's web server for our REST API and web socket. The authentication is delegated to Karaf's realms (JAAS features). It means our authentication can be backed up by properties files, databases or even LDAP. Authentication enablement, the used realm as well as the validity period for sessions can be configured in a dedicated file.

Although it works with HTTP, this is not safe anough.
This feature should be used with HTTPS activated.

For the moment, we only authenticate users, we do not manage roles (which are the focus of another issue).

[gibello]

Wondering why a filter-based authentication is necessary for servlets ? The native JAAS support provided by Jetty might be more flexible ??

[vincent-zurczak]

Authentication is a first step. We also need audit (#642) and permissions check (#643), although this last one may be delayed. A single servlet filter can manage everything.

Last, but not least, this servlet allows us to rely on Karaf's JAAS. Which means we can configure it the same way we configure authentication for the CLI. We would have to use different configuration files if we had to rely on Jetty's JAAS modules. And such configurations are much more complicated than what I chose.