  1. AMQ Streams
  2. ENTMQST-4916

Add ability to create REST API users for Cruise Control


    • Type: Task
    • Resolution: Unresolved

      Type of change

      • Enhancement / new feature

      Description

      Gives the ability to create REST API users for the Cruise Control REST API.
      This allows developers and third-party applications to define roles and permissions for access to the Cruise Control REST API without having to disable HTTP basic authentication.

      The rough plan is to add an apiUsers section to the cruiseControl.spec where API users can be defined by name and predefined Cruise Control role [1]. As of right now, the schema will look something like this:

      spec:
        cruiseControl:
          apiUsers:
            - name: user
              password:
                valueFrom:
                  secretKeyRef:
                    name: my-secret # (1)
                    key: my-password # (2)
              role: USER # (3)
           # ...

      (1) The name of the secret containing the predefined password.
      (2) The key for the password stored inside the secret.
      (3) By default Cruise Control defines three roles: VIEWER, USER and ADMIN.

      VIEWER role: has access to the most lightweight kafka_cluster_state, user_tasks and review_board endpoints.
      USER role: has access to all the GET endpoints except bootstrap and train.
      ADMIN role: has access to all endpoints. 

      [1] https://github.com/linkedin/cruise-control/wiki/Security#authorization
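
A lint for the proposed section, as an added example that is not part of this issue or of the AMQ Streams code base: it checks an already-parsed apiUsers list against the schema sketched above and models the three role descriptions as an allow check. The function names, the sample entries and the rule that a password must never be a literal string are assumptions of this example.

```python
# Added example (not project code): lint cruiseControl.apiUsers and model the roles.
ROLES = ("VIEWER", "USER", "ADMIN")
VIEWER_ENDPOINTS = {"kafka_cluster_state", "user_tasks", "review_board"}
USER_DENIED = {"bootstrap", "train"}

def validate_api_users(api_users):
    """Return a list of problems; an empty list means the section passes."""
    problems, seen = [], set()
    for i, user in enumerate(api_users):
        where = f"apiUsers[{i}]"
        name = user.get("name")
        if not isinstance(name, str) or not name.strip():
            problems.append(f"{where}: name is missing or empty")
        elif name in seen:
            problems.append(f"{where}: duplicate name {name!r}")
        else:
            seen.add(name)
        if user.get("role") not in ROLES:  # exact match, so "admin" is rejected
            problems.append(f"{where}: role must be one of {', '.join(ROLES)}")
        password = user.get("password")
        if not isinstance(password, dict):
            # A literal string here would put the password in the custom resource.
            problems.append(f"{where}: password must use valueFrom.secretKeyRef")
            continue
        value_from = password.get("valueFrom")
        ref = value_from.get("secretKeyRef") if isinstance(value_from, dict) else None
        for field in ("name", "key"):
            if not isinstance(ref, dict) or not isinstance(ref.get(field), str) or not ref[field]:
                problems.append(f"{where}: secretKeyRef.{field} is missing")
    return problems

def is_allowed(role, method, endpoint):
    """Apply the VIEWER / USER / ADMIN descriptions quoted in the issue."""
    if role == "ADMIN":
        return True
    if role == "USER":
        return method == "GET" and endpoint not in USER_DENIED
    if role == "VIEWER":
        return endpoint in VIEWER_ENDPOINTS
    return False  # unknown role: deny by default

# Constructed sample input: the apiUsers list from the YAML above, already parsed,
# followed by a deliberately bad entry.
SAMPLE = [
    {"name": "user", "role": "USER", "password": {"valueFrom": {
        "secretKeyRef": {"name": "my-secret", "key": "my-password"}}}},
    {"name": "user", "role": "admin", "password": "constructed-inline-value"},
]

print(*validate_api_users(SAMPLE), sep="\n")
```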

            kliberti Kyle Liberti