Add HTTP PATCH support to KV #12687

Merged
merged 35 commits into from Oct 13, 2021

Conversation

@ccapurso ccapurso commented Sep 30, 2021

This PR introduces support for HTTP PATCH into Vault. The ACL layer has been modified to include a patch capability. Despite the fact that a patch operation could be interpreted as a type of update, the update capability will continue to function as it does today.

A PatchOperation has been added to the existing logical.Operation set. Vault's logical request handling will map HTTP PATCH requests to a PatchOperation. Currently, Vault will only support JSON merge patch requests which must have a Content-Type header with a MIME type of application/merge-patch+json. If an incorrect MIME type has been provided, Vault will respond with 415 Unsupported Media Type. PATCH requests must be made to existing resources. A 404 Not Found response will be returned to the requester in the case that a logical.Request handler returns a nil response without an error.

To ensure consistent handling of JSON merge patch requests, a global framework.HandlePatchOperation function has been provided which accepts request data, the existing resource data, and a preprocessor func (framework.PatchPreprocessorFunc). The preprocessor is used to ensure the shape of the request data matches the shape of the resource data. The framework.HandlePatchOperation function uses a library called json-patch in order to perform the patch operation. The library expects that both the patch document and the existing resource are provided as marshaled JSON in the form of byte arrays. The patch abstraction will be responsible for the following:

  1. Ensure that the provided resource is not nil, otherwise return an error
  2. Construct an input map by iterating through the fields in framework.FieldData using the GetOk method so that unexpected fields are ignored and data types are handled properly
  3. If a preprocessing func has been provided, call it with the constructed map from step 2
  4. Separately call json.Marshal provided with the maps of resource and input constructed in step 2
  5. Call MergePatch from the json-patch library with the marshaled JSON byte arrays created in step 4
  6. Return the output from step 5 to the calling request handler
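The flow above, written out as an added example that is not code from this PR or from Vault: the nil-resource check, the optional preprocessor, and an RFC 7386 merge (null deletes a key, objects merge recursively, anything else replaces) built on the standard library instead of the json-patch dependency. `PreprocessorFunc`, `mergeValue` and `HandlePatchOperation` are hypothetical names standing in for the framework helpers described here.

```go
package main

import (
	"encoding/json"
	"errors"
)

// PreprocessorFunc reshapes the patch map so it matches the stored resource
// (a hypothetical stand-in for the PR's framework.PatchPreprocessorFunc).
type PreprocessorFunc func(map[string]interface{}) error

// mergeValue applies RFC 7386 merge-patch semantics in place: objects merge
// recursively, a JSON null removes the key, any other value replaces the target.
func mergeValue(target, patch interface{}) interface{} {
	p, ok := patch.(map[string]interface{})
	if !ok {
		return patch
	}
	t, ok := target.(map[string]interface{})
	if !ok {
		t = map[string]interface{}{}
	}
	for k, v := range p {
		if v == nil {
			delete(t, k)
		} else {
			t[k] = mergeValue(t[k], v)
		}
	}
	return t
}

// HandlePatchOperation mirrors the PR's steps: refuse a nil resource (the
// caller turns this into 404), run the preprocessor over the input, then merge.
// The PR marshals both sides to bytes for the json-patch library; this
// standard-library version merges the maps directly and marshals the result.
func HandlePatchOperation(resource, input map[string]interface{}, pre PreprocessorFunc) ([]byte, error) {
	if resource == nil {
		return nil, errors.New("cannot patch a resource that does not exist")
	}
	if pre != nil {
		if err := pre(input); err != nil {
			return nil, err
		}
	}
	return json.Marshal(mergeValue(resource, input))
}
```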

A JSONMergePatch function will be added to the Logical API in the Vault Go client. It will set the Content-Type header value to application/merge-patch+json.

The existing vault kv patch command performs a read, local update, and update in order to achieve a patch operation. The command has been modified to initially attempt an HTTP PATCH using the JSONMergePatch function with a fallback to current behavior in the case of a 403 response. The -cas and -method flags have also been added to the command.

The -method flag supports the values of patch and rw. The patch method will explicitly run the HTTP PATCH logic. The rw method will run the existing read-then-write flow.

The -cas flag will be used for the check-and-set version if provided for HTTP PATCH. The -cas flag will be ignored for the read-then-write flow. Instead, the version value from the secret returned by the read will specify the cas field used in the subsequent write.
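The command flow described in the last three paragraphs, as an added example that is not the Vault CLI's own code: `-method=patch` forces HTTP PATCH, `-method=rw` forces read-then-write, and the default tries PATCH and falls back only on 403. `KVClient`, `ErrForbidden` and `PatchSecret` are hypothetical stand-ins; how the real client encodes the cas value in the PATCH request is not shown on this page, so it is passed as a plain argument here.

```go
package main

import "errors"

// ErrForbidden stands in for the 403 a token without the patch capability gets
// (constructed for this example, not the Vault client's real error type).
var ErrForbidden = errors.New("403 Forbidden")

// KVClient is a hypothetical slice of the Vault client that kv patch needs.
type KVClient interface {
	JSONMergePatch(path string, data map[string]interface{}, cas int) error
	Read(path string) (version int, data map[string]interface{}, err error)
	Write(path string, data map[string]interface{}, cas int) error
}

// PatchSecret follows the PR's command flow: "patch" forces HTTP PATCH, "rw"
// forces read-then-write, and the default tries PATCH and falls back to
// read-then-write only on 403. The -cas value is sent with PATCH only; the rw
// path ignores it and takes its cas from the version the read returned.
// It reports which path was taken so a caller can log it.
func PatchSecret(c KVClient, method, path string, patch map[string]interface{}, cas int) (string, error) {
	if method != "rw" {
		err := c.JSONMergePatch(path, patch, cas)
		if err == nil || method == "patch" || !errors.Is(err, ErrForbidden) {
			return "patch", err
		}
	}
	version, current, err := c.Read(path)
	if err != nil {
		return "", err
	}
	for k, v := range patch { // local top-level update of the copy just read
		if v == nil {
			delete(current, k)
		} else {
			current[k] = v
		}
	}
	return "rw", c.Write(path, current, version)
}
```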

Documentation PR: #12689

Fixes #1468
Fixes #7437
Fixes #12330

@ccapurso ccapurso added this to the 1.9 milestone Oct 1, 2021

@pmmukh pmmukh left a comment
one question, but lgtm!
