…tching authorization)

Adds support for logical disjunction (aka "OR" operator) in 'when' conditions and pattern-matching authorization rules.

A new field `any: Array<expression>` was introduced to the AuthConfig API to express logical disjunction, along with `all: Array<expression>` to enforce the default AND operation, where `expression` can be any of the following:
- a pattern composed of `selector`, `operator` and `value`;
- a reference to a named pattern (`patternRef: String`);
- a nested `any` field;
- a nested `all` field.

For backward compatibility, the AND operator is assumed for all lists of patterns not grouped under an explicit `any` field declaration. I.e., it is equivalent to grouping the patterns under a single `all` field declaration.

Example 1) To allow anonymous access (no authentication required) for all request to path `/test/*` OR method `GET` (ocasionally both):

```yaml
spec:
  authentication:
    anonymous-request:
      when:
      - any:
        - selector: context.request.http.path
          operator: matches
          value: ^/test/.*
        - selector: context.request.http.method
          operator: eq
          method: GET
      anonymous: {}
```

In a more complex condition, with nested logical operators, to express `host == 'foo.apis.io' AND ((path =~ '/test*' AND (method == 'POST' OR method == 'PUT')) OR method == 'GET')`:

```yaml
spec:
  authentication:
    anonymous-request:
      when:
      - selector: context.request.http.host
        operator: eq
        value: foo.apis.io
      - any:
        - all:
          - selector: context.request.http.path
            operator: matches
            value: ^/test/.*
          - any:
            - selector: context.request.http.method
              operator: eq
              value: POST
            - selector: context.request.http.method
              operator: eq
              value: PUT
        - selector: context.request.http.method
          operator: eq
          value: GET
      anonymous: {}
```