IDforwarding: forward signed id to plugins (#75651)

* Plugins: Add client middlware that forwards the signed grafana id token if present

* DsProxy: Set grafana id header if id token exists

* Add util function to apply id token to header

* Only add id forwarding middleware if feature toggle is enabled

* Add feature toggles to ds proxy and check if id forwarding is enabled

* Clean up test setup

* Change to use backend.ForwardHTTPHeaders interface

* PluginProxy: Forward signed identity when feature toggle is enabled

* PluginProxy: forrward signed id header

pkg/util/proxyutil/proxyutil.go

@@ -10,8 +10,12 @@ import (
 	"github.com/grafana/grafana/pkg/services/auth/identity"
 )
 
-// UserHeaderName name of the header used when forwarding the Grafana user login.
-const UserHeaderName = "X-Grafana-User"
+const (
+	// UserHeaderName name of the header used when forwarding the Grafana user login.
+	UserHeaderName = "X-Grafana-User"
+	// IDHeaderName name of the header used when forwarding singed id token of the user
+	IDHeaderName = "X-Grafana-Id"
+)
 
 // PrepareProxyRequest prepares a request for being proxied.
 // Removes X-Forwarded-Host, X-Forwarded-Port, X-Forwarded-Proto, Origin, Referer headers.
@@ -116,3 +120,13 @@ func ApplyUserHeader(sendUserHeader bool, req *http.Request, user identity.Reque
 		req.Header.Set(UserHeaderName, user.GetLogin())
 	}
 }
+
+func ApplyForwardIDHeader(req *http.Request, user identity.Requester) {
+	if user == nil || user.IsNil() {
+		return
+	}
+
+	if token := user.GetIDToken(); token != "" {
+		req.Header.Set(IDHeaderName, token)
+	}
+}