@alukach alukach commented Nov 28, 2025

This PR builds out CQL2 filters for usage by the STAC Auth Proxy when handling requests for STAC Collections or STAC Items.

The logic is currently written as follows:

  • Unauthenticated users will not be able to view any collections or items
  • Authenticated users will be able to view collections without a private attribute or with private: false and collections that are referenced by ID within the collections claim of their JWT access token. These users will be able to view items from collections following this same logic. For the items endpoints, we cache the IDs of the public collections for 30 seconds.
  • Authenticated users with a superuser claim (update: with a value of "true") in their JWT access token will be able to view all collections and items. Note that we pay no attention to the value of the superuser claim, we only care that something is set on the JWT under that claim.

These filters are written in applications/argocd/staging/applications/montandon-eoapi/stac-auth-proxy/montandon_filters.py and mounted to /app/src/stac_auth_proxy/montandon_filters.py within the STAC Auth Proxy container, allowing them to be referenced as the COLLECTIONS_FILTER_CLS=stac_auth_proxy.montandon_filters:CollectionsFilter [1] and ITEMS_FILTER_CLS=stac_auth_proxy.montandon_filters:ItemsFilter [2] within the runtime.

Footnotes

  1. https://developmentseed.org/stac-auth-proxy/user-guide/configuration/#collections_filter_cls

  2. https://developmentseed.org/stac-auth-proxy/user-guide/configuration/#items_filter_cls
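
The filter rules described in the comment above, as an added example; it is not the PR's montandon_filters.py and not stac-auth-proxy's own code. Assumptions: `claims` is the decoded JWT payload (None for an unauthenticated request), `1=0` / `1=1` serve as deny-all / allow-all CQL2 text, items are matched on a `collection` property, `fetch_public_ids` is a hypothetical callable returning the public collection IDs, and the superuser check follows the "update" wording (value "true").

```python
import time

DENY_ALL, ALLOW_ALL = "1=0", "1=1"  # assumed always-false / always-true CQL2 text
PUBLIC_TTL_SECONDS = 30  # cache lifetime stated in the PR description

def quote(value):
    # Claim values end up inside the filter string: double any single quote.
    return "'" + str(value).replace("'", "''") + "'"

def is_superuser(claims):
    # Assumption: follows the "update" in the description (value must be "true").
    return str(claims.get("superuser", "")).lower() == "true"

def claimed_ids(claims):
    # Accept a single ID or a list of IDs in the collections claim.
    raw = claims.get("collections") or []
    return {str(c) for c in ([raw] if isinstance(raw, str) else raw)}

def in_list(prop, ids):
    return f"{prop} IN ({', '.join(quote(i) for i in sorted(ids))})"

def collections_filter(claims):
    if claims is None:  # unauthenticated: nothing is visible
        return DENY_ALL
    if is_superuser(claims):
        return ALLOW_ALL
    clauses = ["private IS NULL", "private = false"]
    if claimed_ids(claims):
        clauses.append(in_list("id", claimed_ids(claims)))
    return " OR ".join(clauses)

class ItemsFilter:
    def __init__(self, fetch_public_ids, clock=time.monotonic):
        self._fetch, self._clock = fetch_public_ids, clock
        self._public, self._expires = set(), None

    def __call__(self, claims):
        if claims is None:
            return DENY_ALL
        if is_superuser(claims):
            return ALLOW_ALL
        now = self._clock()
        if self._expires is None or now >= self._expires:  # refresh public IDs
            self._public = set(self._fetch())
            self._expires = now + PUBLIC_TTL_SECONDS
        ids = self._public | claimed_ids(claims)
        return in_list("collection", ids) if ids else DENY_ALL
```

With the 30-second cache, a collection that is switched to private can remain in the items filter until the cached list expires.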

Contributor

batpad commented Dec 1, 2025

cc @emmanuelmathot - I think it will be good for us to go through this and firm up the best way to integrate.

Thanks so much @alukach! This looks great and just what we need.

Contributor

batpad commented Dec 2, 2025

@sunu I need your help to see how best we should mount this custom filter classes file, and to give this approach a review.
