authenticator: Zeroize ValidatedClaims and OidcClaims on drop#35704

Draft
jasonhernandez wants to merge 2 commits into main from jasonhernandez/sec-115-authenticator-zeroize

Conversation

@jasonhernandez
Contributor

Motivation

Defense-in-depth: zero user identity and JWT claim data from memory after use.

Description

  • Implement Zeroize + ZeroizeOnDrop for ValidatedClaims (user identity string)
  • Implement Zeroize for OidcClaims (issuer, audience, timestamps, unknown claims)
  • Document that OidcDecodingKey wraps opaque jsonwebtoken::DecodingKey and cannot be zeroized
  • Document that borrowed JWT token &str parameters are the caller's responsibility
  • Regression tests for trait bounds and field clearing

No public API changes.

Depends on

Part of SEC-115.

@github-actions

Thanks for opening this PR! Here are a few tips to help make the review process smooth for everyone.

PR title guidelines

  • Use imperative mood: "Fix X" not "Fixed X" or "Fixes X"
  • Be specific: "Fix panic in catalog sync when controller restarts" not "Fix bug" or "Update catalog code"
  • Prefix with area if helpful: compute: , storage: , adapter: , sql:

Pre-merge checklist

  • The PR title is descriptive and will make sense in the git log.
  • This PR has adequate test coverage / QA involvement has been duly considered. (trigger-ci for additional test/nightly runs)
  • If this PR includes major user-facing behavior changes, I have pinged the relevant PM to schedule a changelog post.
  • This PR has an associated up-to-date design doc, is a design doc (template), or is sufficiently small to not require a design.
  • If this PR evolves an existing $T ⇔ Proto$T mapping (possibly in a backwards-incompatible way), then it is tagged with a T-proto label.
  • If this PR will require changes to cloud orchestration or tests, there is a companion cloud PR to account for those changes that is tagged with the release-blocker label (example).

@jasonhernandez jasonhernandez force-pushed the jasonhernandez/sec-115-authenticator-zeroize branch from e9bc8be to 1c8aafa on March 26, 2026 20:37
@jasonhernandez jasonhernandez force-pushed the jasonhernandez/sec-115-ore-zeroize-feature branch 4 times, most recently from 1308d53 to 9b3927b on March 31, 2026 17:21
Base automatically changed from jasonhernandez/sec-115-ore-zeroize-feature to main on March 31, 2026 17:30
Implement Zeroize for OidcClaims (issuer, audience, unknown claims) and
Zeroize + ZeroizeOnDrop for ValidatedClaims (user identity string).

Document that OidcDecodingKey wraps an opaque foreign type and cannot be
zeroized, and that borrowed JWT token strings are the caller's
responsibility.

Part of SEC-115.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@jasonhernandez jasonhernandez force-pushed the jasonhernandez/sec-115-authenticator-zeroize branch from 1c8aafa to eb68d55 on March 31, 2026 18:56
Adding `Drop` to `ValidatedClaims` prevents moving fields out directly.
Use `std::mem::take` to extract values while leaving empty defaults for
the Drop impl to zeroize.

Fixes: mz-pgwire and mz-environmentd build failures.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
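The `Drop` versus move-out interaction the second commit describes, as an added Rust example that is not the PR's code: a hand-rolled stand-in for the `zeroize` crate's `Zeroize` trait (the real crate also supplies the `ZeroizeOnDrop` derive used in the PR), a `ValidatedClaims` with an assumed `user` field, and the `std::mem::take` accessor that works around E0509 once the type has a `Drop` impl. The field, method and helper names are assumptions.

```rust
use std::mem;
use std::ptr;
use std::sync::atomic::{compiler_fence, Ordering};

/// Stand-in for the `zeroize` crate's `Zeroize` trait (hypothetical, so this
/// example builds without dependencies): scrub owned bytes before release.
trait Zeroize {
    fn zeroize(&mut self);
}

impl Zeroize for String {
    fn zeroize(&mut self) {
        // Zero the whole allocation (capacity, not just len) with volatile
        // writes plus a fence, so the optimizer cannot drop the stores as
        // "dead writes" to memory that is about to be freed.
        // SAFETY: the buffer is owned by `self`; all-zero bytes are valid UTF-8.
        unsafe {
            let v = self.as_mut_vec();
            let (p, cap) = (v.as_mut_ptr(), v.capacity());
            for i in 0..cap {
                ptr::write_volatile(p.add(i), 0u8);
            }
            v.set_len(0);
        }
        compiler_fence(Ordering::SeqCst);
    }
}

/// Modelled on the PR's `ValidatedClaims`: the identity pulled from a
/// validated JWT. The `user` field name is assumed.
struct ValidatedClaims {
    user: String,
}

impl Zeroize for ValidatedClaims {
    fn zeroize(&mut self) {
        self.user.zeroize();
    }
}

// Equivalent of `ZeroizeOnDrop`. Once a `Drop` impl exists, `claims.user`
// can no longer be moved out of the struct (E0509): the build break the
// second commit fixes with `mem::take`.
impl Drop for ValidatedClaims {
    fn drop(&mut self) {
        self.zeroize();
    }
}

impl ValidatedClaims {
    /// Moves the heap buffer out (no copy) and leaves an empty `String`
    /// behind for `Drop` to zeroize. The returned value is the caller's.
    fn into_user(mut self) -> String {
        mem::take(&mut self.user)
    }
}

/// Checks every byte up to `capacity` (not just `len`), for the test below.
fn buffer_is_zeroed(s: &String) -> bool {
    // SAFETY: `zeroize` wrote every byte up to `capacity`, so the range is
    // initialised and owned by `s` for the lifetime of this borrow.
    let bytes = unsafe { std::slice::from_raw_parts(s.as_ptr(), s.capacity()) };
    bytes.iter().all(|&b| b == 0)
}
```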