User Story:

As agent installer, once the API authentication is implemented, I want to be able to:

• Read already generated priv/pub key created in the asset store at the time of implemeting the authentication (AGENT-868)
• Create 3 separate JWT tokens with 3 separate claims for each user personas i.e. systemd, wait-for and agents. Something like '{"systemdToken": true}' for the systemd token, '{"agentToken": true}' for agent, etc. Then we'd use authz to verify we've authenticated using a particular auth for that token kind of like here https://github.com/openshift/assisted-service/blob/df15ca00afa8c4ce95aa595268ea8b5543944027/pkg/auth/rhsso_authz_handler.go#L260-L266 then the authz would succeed only of the claim matches the security definition we used. That would ensure that only the correct token type is used with the corresponding token header.
• Implement a separate securityDefinition (wait-for-install-user) in the swagger and assign it to the endpoints used by wait-for API requests

so that as a next step I can achieve

• authorization for each of the 3 possible user personas 
• restrict the endpoints based on actors(user, agent, systemd)

Acceptance Criteria:

Description of criteria:

• Upstream documentation
• Point 1
• Point 2
• Point 3

(optional) Out of Scope:

Detail about what is specifically not being delivered in the story

Engineering Details:

• (optional) https://github/com/link.to.enhancement/
• (optional) https://issues.redhat.com/link.to.spike
• Engineering detail 1
• Engineering detail 2

This requires/does not require a design proposal.
This requires/does not require a feature gate.