Adds support for hidden private keys in server tenants

[dhr-verma]

Description

This PR adds support for storing private keys in the tenants DB collection. These private keys will be used to sign tokens that are acquired for keyless access. These are never shared with the client and will be rotated based on their rotation schedule. It also adds a new claim in the fluid access token - fluidRelayKeylessAccess. This claim will be used to determine how to validate the access token - with the shared keys or the private keys. This allows to keep access tokens to be backward compatible while also supporting keyless access. It does introduce some new APIs and modifies existing APIs:

1. /tenants/:id/keys: Adds a new query parameter - getPrivateKeys. When set to true, it returns the privateKeys for the tenant. By default, this flag is set to false.
2. /tenants/:id/keylessAccess: Toggles the enableKeylessAccess flag for a tenant.
3. /tenants/:id/key: Refreshes the requested tenant key. When refreshPrivateKey is true it will refresh the private keys but does not return the refreshed keys. This is because key refreshes of the private keys will not be exposed to clients.
4. /tenants/:id?: Creates a fluid tenant. This request accepts a new parameter in the body - enableKeylessAccess. When this is set to true, a tenant with support for private keys will be created. By default, this is false.

To support these, the following changes are done:

1. Updated the ITenantConfig interface to have two new mandatory props - enableKeylessAccess and enableKeyAccess. These are computed at runtime by the tenantManager. Since these are not stored in the DB these can safely be made mandatory without breaking backward compatability.
2. Updated Riddler APIs to support a new interface ITenantPrivateKeys. The workflows essentially are the same as before but they include some new flags which helps riddler determine what keys to get/refresh/use for validation. The changes also include creating different caching keys for shared and private keys.
3. Added a new claim fluidRelayKeylessAccess which will be set to true when generating a keyless access token.
4. To test and ensure backward compatibility, I also created a test suite for tenantManager.ts. This ensures the existing APIs work as before. It also tests the new functionality. To further test these changes, I ran the server locally using Docker.

Breaking Changes

This adds a bunch of functionalities to support private hidden keys. However, these should not break existing changes.

Reviewer Guidance

1. General design of reusing the existing design of getTenantKeys rather than creating new interfaces.
2. Unit test clarity.

TODO: Add changesets