feat: refactor identity persister

[alnr]

This is some groundwork to more easily plug different persisters into kratos.

I've shuffled some code around:

• moved the persister code related to identites and session devices to their own packages.
• the (new) IdentityPersister now uses a faster path to hydrate identity associations (addresses, credentials) in all cases, not just for session lookups.
• moved to github.com/laher/mergefs in favor of github.com/ory/x/fsx: this allows merging on top of already merged filesystems to be more flexible with custom migrations
• all kratos servers (public, admin, metrics) are now cancelable via context. Previously, you could only stop the server via SIGINT/SIGTERM
• pass through driver options to the migrate command

Other notes:

• the InternalCredentials field is no longer routinely used to get credentials. Instead, we use an intelligent join to get the data in one go. Please review carefully.

ref https://github.com/ory-corp/cloud/issues/4013

[codecov]

Codecov Report

Merging #3101 (fc4daf1) into master (2d489e7) will increase coverage by 0.08%.
The diff coverage is 87.02%.

❗ Current head fc4daf1 differs from pull request most recent head b8a7b72. Consider uploading reports for the commit b8a7b72 to get more accurate results

@@            Coverage Diff             @@
##           master    #3101      +/-   ##
==========================================
+ Coverage   77.50%   77.58%   +0.08%     
==========================================
  Files         314      316       +2     
  Lines       19897    19908      +11     
==========================================
+ Hits        15421    15446      +25     
+ Misses       3285     3273      -12     
+ Partials     1191     1189       -2     

Impacted Files	Coverage Δ
cmd/hashers/argon2/loadtest.go	7.33% <ø> (ø)
cmd/jsonnet/format.go	50.00% <0.00%> (ø)
courier/smtp.go	69.56% <ø> (ø)
driver/registry_default.go	86.92% <0.00%> (+0.22%)	⬆️
hash/hasher_pbkdf2.go	78.37% <ø> (ø)
persistence/sql/persister_continuity.go	91.42% <ø> (ø)
persistence/sql/persister_courier.go	83.33% <0.00%> (ø)
selfservice/strategy/password/validator.go	93.10% <ø> (ø)
x/time.go	81.81% <ø> (ø)
identity/identity.go	88.05% <50.00%> (ø)
... and 21 more

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

[aeneasr]

This is looking pretty good already! Note to myself: i need to review the identity persister changes

[aeneasr]

Reason for removal?

[alnr]

Software that imports kratos as a package might choose to hydrate the credentials in a different way, bypassing InternalCredentials. This tests implementational details, which we shouldn't do IMO.

LMKWYT.

[aeneasr]

Persister reviewed :) Great stuff! Conceptually, this is shippable. Just a few comments :)

[CaptainStandby]

LGTM. Just one question concerning SQL injection.

[aeneasr]

Just saw this (it exists in the current code too) - NamedExecContext should return the number of rows affected, which we could use to return an error. But anyways this is an optimization for another day and another PR!

[jonas-jonas]

Did the defer go missing here? @alnr

[alnr]

Wow, well spotted!
#3145

[aeneasr]

thank you for double checking @jonas-jonas 🙏

[jonas-jonas]

Same here?