refactor: change authentication to return structured data (#12202)

Currently authentication methods return information in two forms: they return who was authenticated as a `*user_model.User`, and then they insert key-values into `ctx.Data` which has critical impact on how the authenticated request is treated.  This PR changes the authentication methods to return structured data in the form of an `AuthenticationResult`, with all the key-value information in `ctx.Data` being moved into methods on the `AuthenticationResult` interface.

Authentication workflows in Forgejo are a real mess.  This is the first step in trying to clean it up and make the code predictable and reasonable, and is both follow-up work that was identified from the repo-specific access tokens (where the `"ApiTokenReducer"` key-value was added), and is pre-requisite work to future JWT enhancements that are [being discussed](https://codeberg.org/forgejo/forgejo/issues/3571#issuecomment-13268004).

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. All work and communication must conform to Forgejo's [AI Agreement](https://codeberg.org/forgejo/governance/src/branch/main/AIAgreement.md). There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
  - All changes, at least in theory, are refactors of existing logic and are not expected to have functional deviations -- existing regression tests are the only planned testing.
- I ran...
  - [x] `make pr-go` before pushing

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [x] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12202
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>

tests/integration/api_packages_chef_test.go

@@ -94,9 +94,10 @@ nwIDAQAB
 			defer tests.PrintCurrentTest(t)()
 
 			req := NewRequest(t, "POST", "/dummy")
-			u, err := auth.Verify(req.Request, nil, nil, nil)
-			assert.Nil(t, u)
+			u, err := auth.Verify(req.Request, nil, nil)
 			require.NoError(t, err)
+			require.NotNil(t, u)
+			assert.Nil(t, u.User())
 		})
 
 		t.Run("NotExistingUser", func(t *testing.T) {
@@ -104,7 +105,7 @@ nwIDAQAB
 
 			req := NewRequest(t, "POST", "/dummy").
 				SetHeader("X-Ops-Userid", "not-existing-user")
-			u, err := auth.Verify(req.Request, nil, nil, nil)
+			u, err := auth.Verify(req.Request, nil, nil)
 			assert.Nil(t, u)
 			require.Error(t, err)
 		})
@@ -114,12 +115,12 @@ nwIDAQAB
 
 			req := NewRequest(t, "POST", "/dummy").
 				SetHeader("X-Ops-Userid", user.Name)
-			u, err := auth.Verify(req.Request, nil, nil, nil)
+			u, err := auth.Verify(req.Request, nil, nil)
 			assert.Nil(t, u)
 			require.Error(t, err)
 
 			req.SetHeader("X-Ops-Timestamp", "2023-01-01T00:00:00Z")
-			u, err = auth.Verify(req.Request, nil, nil, nil)
+			u, err = auth.Verify(req.Request, nil, nil)
 			assert.Nil(t, u)
 			require.Error(t, err)
 		})
@@ -130,27 +131,27 @@ nwIDAQAB
 			req := NewRequest(t, "POST", "/dummy").
 				SetHeader("X-Ops-Userid", user.Name).
 				SetHeader("X-Ops-Timestamp", time.Now().UTC().Format(time.RFC3339))
-			u, err := auth.Verify(req.Request, nil, nil, nil)
+			u, err := auth.Verify(req.Request, nil, nil)
 			assert.Nil(t, u)
 			require.Error(t, err)
 
 			req.SetHeader("X-Ops-Sign", "version=none")
-			u, err = auth.Verify(req.Request, nil, nil, nil)
+			u, err = auth.Verify(req.Request, nil, nil)
 			assert.Nil(t, u)
 			require.Error(t, err)
 
 			req.SetHeader("X-Ops-Sign", "version=1.4")
-			u, err = auth.Verify(req.Request, nil, nil, nil)
+			u, err = auth.Verify(req.Request, nil, nil)
 			assert.Nil(t, u)
 			require.Error(t, err)
 
 			req.SetHeader("X-Ops-Sign", "version=1.0;algorithm=sha2")
-			u, err = auth.Verify(req.Request, nil, nil, nil)
+			u, err = auth.Verify(req.Request, nil, nil)
 			assert.Nil(t, u)
 			require.Error(t, err)
 
 			req.SetHeader("X-Ops-Sign", "version=1.0;algorithm=sha256")
-			u, err = auth.Verify(req.Request, nil, nil, nil)
+			u, err = auth.Verify(req.Request, nil, nil)
 			assert.Nil(t, u)
 			require.Error(t, err)
 		})
@@ -166,7 +167,7 @@ nwIDAQAB
 				SetHeader("X-Ops-Sign", "version=1.0;algorithm=sha1").
 				SetHeader("X-Ops-Content-Hash", "unused").
 				SetHeader("X-Ops-Authorization-4", "dummy")
-			u, err := auth.Verify(req.Request, nil, nil, nil)
+			u, err := auth.Verify(req.Request, nil, nil)
 			assert.Nil(t, u)
 			require.Error(t, err)
 
@@ -257,7 +258,7 @@ nwIDAQAB
 					defer tests.PrintCurrentTest(t)()
 
 					signRequest(req, v)
-					u, err = auth.Verify(req.Request, nil, nil, nil)
+					u, err = auth.Verify(req.Request, nil, nil)
 					assert.NotNil(t, u)
 					require.NoError(t, err)
 				})