Proposal: Add http signatures support for the API

[42wim]

Description

Add http-signatures support for the API.

The main advantage is that this feature combined with ssh (certificates or public keys) allows users access to the API without getting an API key. Instead SSH(agent) will be used to sign the requests to the API.

The end result is that if you have a gitea installation with ssh certificates support and httpsig support, everything will "just work" for users without extra ssh/apikeys.

This will of course be not that easy to do with curl, but can be integrated into the tea client (or own tooling).

I can work on this, I think this will be a rather small chance in the code.

[6543]

@42wim feel free to do so :)

and if we integrate it afterwards into the go-sdk -> so tea will benefit from it too 👍

[lunny]

ref: https://tools.ietf.org/html/draft-cavage-http-signatures