feat: Meta-service cluster is gated by Enterprise Edition(Do NOT merge)

[drmingdrmer]

I hereby agree to the terms of the CLA available at: https://docs.databend.com/dev/policies/cla/

Summary

feat: Meta-service cluster is gated by Enterprise Edition

By default meta-service disallows clustering.
Meta-service cluster is only enabled when raft-config
databend_enterprise_license is set and is valid.
No feature in the jwt claim is examined.

The EE gate check when a meta node initiate raft-protocol network
instance. Thus without a valid EE token, all raft-protocol are disabled,
including RequestVote, AppendEntries, InstallSnapshot and internal
request forward.

If EE token is not set, an error will be outputed to log file.

• New config databend_enterprise_license:

  [raft_config]
  databend_enterprise_license = "<token>"
  

  This token is same as the one used by databend-query.

• When testing, a temp key pair and jwt claim is created to pass
  integration tests, this is enabled by fake_ee_license config entry.

• Other changes: Add DisplaySlice and DisplayUnixTimeStampExt to
  display slice of Display instance and unix timestamp.

feat: Add API to update license to meta-service in flight

Update EE license token with the following API:

curl -qs '127.0.0.1:28101/v1/ctrl/update_license?license=<license_token>'

On success, i.e., the token is valid and not expired, meta-service
respond with the 200 OK with token info, such as:

{"Success":"JWTClaims{issuer: databend, issued_at: 2024-05-13T05:57:24.000000Z+0000, expires_at: 2025-05-13T05:57:24.000000Z+0000, custom: LicenseInfo{ type: enterprise, org: databend-interval-test, tenants: None, features: [Unlimited] }}"}

If the token is invalid, or expired, it responds with 400 Bad Request
and a reason that cause the failure, such as:

Invalid license: JWT compact encoding error

Tests

• Unit Test
• Logic Test
• Benchmark Test
• No Test - Explain why

Type of change

• Other

Related Issues

---

This change is 

[lichuang]

why use a hard code public key?

[drmingdrmer]

This way only the the license token published by us with our private key will be correctly decoded.
If to let user config public key in config, user will be able to use a self signed token with its private key and let databend-meta decoded it with the public key it provided.

[ZhiHanZ]

I think we should provide a robust way to let user config their license on flight instead of update license on environment and restart meta server.

[drmingdrmer]

The API to update license in flight is added, Please review again guys

[ZhiHanZ]

LGTM, some ideas:
should we update meta server license when query cluster trigger
SET GLOBAL LICENSE command? it could simplify the meta service license setup, and support to view license from meta service by using license info system call command.
Ref:
https://docs.databend.com/guides/overview/editions/dee/license#verifying-a-license

[drmingdrmer]

LGTM, some ideas: should we update meta server license when query cluster trigger SET GLOBAL LICENSE command? it could simplify the meta service license setup, and support to view license from meta service by using license info system call command. Ref: https://docs.databend.com/guides/overview/editions/dee/license#verifying-a-license

If databend-query accepted an invalid license and forwarded it to meta-services, then meta-service cluster may run into problem because it can not form a cluster anymore. And then any further setting can not be saved by databend-query.

Therefore it is a little bit dangerous, but it would help in most cases.