feat: support for lambda authorizer

[diegocstn]

Description of changes:
This PR adds support for a new authorization type supported by AppSync : AWS_LAMBDA.
Customers will be able to use an AWS Lambda function to determine whether to authorize a request based on a custom authorization token.

Similarly to OIDC, customers will be able to provide their own token to Amplify by providing an auth factory, an instance of a type conforming to APIAuthProviderFactory, and by overriding the functionAuthProvider() method to return an AmplifyFunctionAuthProvider as follow:

class MyFunctionAuthProvider: AmplifyFunctionAuthProvider {
  func getLatestAuthToken() -> Result<AuthToken, Error> {...}
}

class MyAPIAuthProviderFactory: APIAuthProviderFactory {
  open func functionAuthProvider() -> AmplifyFunctionAuthProvider? {
        return MyFunctionAuthProvider()
  }
}

let apiPlugin = AWSAPIPlugin(apiAuthProviderFactory: MyAPIAuthProviderFactory())
try Amplify.add(plugin: apiPlugin)

Support for Lambda in DataStore (multi-auth included) is achieved with new AuthRuleStrategy and AuthRuleProvider values custom and function.
We've decided to use custom as rule strategy for different reasons:

• future implementations of additional auth modes as flexible as a Lambda function (i.e. http)
• using a Lambda to decide whether a request is authenticated or not provides a high (if not the highest) degree of flexibility

Android PR: aws-amplify/amplify-android#1412
AppSync feature request: aws/aws-appsync-community#2

Check points:

• Added new tests to cover change, if needed
• All unit tests pass
• All integration tests pass
• Documentation update for the change if required
• PR title conforms to conventional commit style

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

[codecov-commenter]

Codecov Report

Merging #1334 (c7c15c7) into main (79c3cd9) will increase coverage by 0.07%.
The diff coverage is 56.66%.

@@            Coverage Diff             @@
##             main    #1334      +/-   ##
==========================================
+ Coverage   60.55%   60.62%   +0.07%     
==========================================
  Files         660      662       +2     
  Lines       19877    19951      +74     
==========================================
+ Hits        12036    12095      +59     
- Misses       7841     7856      +15     

Flag	Coverage Δ
API_plugin_unit_test	65.83% <44.57%> (+0.18%)	⬆️
AWSPluginsCore	76.28% <80.95%> (-0.20%)	⬇️
Amplify	48.60% <0.00%> (+0.02%)	⬆️
Analytics_plugin_unit_test	73.41% <ø> (ø)
Auth_plugin_unit_test	82.31% <ø> (ø)
DataStore_plugin_unit_test	74.57% <100.00%> (+0.15%)	⬆️
Predictions_plugin_unit_test	33.51% <ø> (ø)
Storage_plugin_unit_test	57.72% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
...ries/API/AuthProvider/APIAuthProviderFactory.swift	0.00% <0.00%> (ø)
...ies/DataStore/Model/Internal/Schema/AuthRule.swift	0.00% <ø> (ø)
...ries/DataStore/Subscribe/MutationEvent+Model.swift	0.00% <ø> (ø)
.../RequestInterceptor/AuthTokenProviderWrapper.swift	0.00% <0.00%> (ø)
...scriptionInterceptor/OIDCAuthProviderWrapper.swift	0.00% <0.00%> (ø)
.../Configuration/AWSAuthorizationConfiguration.swift	0.00% <0.00%> (ø)
...uth/Configuration/AWSLambdaAuthConfiguration.swift	0.00% <0.00%> (ø)
...gin/Configuration/AWSAPIEndpointInterceptors.swift	60.86% <16.66%> (-10.19%)	⬇️
...tionFactory/AWSSubscriptionConnectionFactory.swift	63.46% <18.18%> (-6.11%)	⬇️
...CategoryPlugin/Operation/AWSGraphQLOperation.swift	61.62% <50.00%> (-0.28%)	⬇️
... and 12 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 318fcfd...c7c15c7. Read the comment docs.

[diegocstn]

renamed to better reflect its usage (used for CognitoUserPools, OIDC and Lambda)

[diegocstn]

we choose the name function to avoid leaking service implementation detail into the library public API

[diegocstn]

Lambda Auth dev guide hasn't been published yet, I'll add a SeeAlso section as soon as the guide is available

[palpatim]

Let's verify that the code path that invokes the token provider wraps any returned error in an Amplify APIError. If so, then I'm OK leaving this returning Error

[diegocstn]

• AuthTokenURLRequestInterceptor (mutations, queries) wraps the returned error in a APIError.operationError
• OIDCAuthInterceptor (subscriptions) in case of failure retrieving the token it just skips the auth step and doesn't return/wrap the error

[palpatim]

Change to throws per discussion. Add note of changed behavior to CHANGELOG

[palpatim]

Change to throws per discussion. Add note of changed behavior to CHANGELOG

[palpatim]

Comments inline, plus:

• Add integ tests

[palpatim]

Checkpoint review so I'll have something to baseline against

[diegocstn]

Comments inline, plus:

• Add integ tests

Added API integration tests

[diegocstn]

This is largely based on OIDCAuthInterceptor.
All the AuthInterceptors (this one included) share a common logic, we should evaluate if it's feasible to refactor in a common interceptor with customization points that others provider-specific interceptors can use to inject custom logic.

[palpatim]

Approved w/deprecation note