Support mqtt topics with path parameters required to match guarded identity #1382

@jfallows

Describe the desired outcome from the user's perspective
As IoT devops, I want to secure access to some MQTT client-specific topics for publish and/or subscribe.

Acceptance criteria

  • for publish or subscribe routes
    • mqtt server can define path parameters for any segment in a topic name
    • mqtt server can enforce that a path parameter matches the client's guarded identity (e.g. via jwt guard)

Additional context
Suggested syntax after discussing with @epieffe.

```yaml
mqtt_server0:
  type: mqtt
  kind: server
  routes:
    - when:
        - publish:
          - topic: taxi/{id}/location
            params:
              id: ${guarded['jwt'].identity}
        - subscribe:
          - topic: taxi/{id}/update
            params:
              id: ${guarded['jwt'].identity}
      exit: mqtt_kafka_proxy0
```

In this example, a taxi can only publish its own location and subscribe to updates intended for itself, by requiring the {id} path parameter to match the guarded identity of the currently connected taxi.
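The matching rule this proposal implies, sketched in Python as an added example (not part of the issue and not Zilla's implementation). It assumes segment-wise exact comparison and that an MQTT wildcard in a guarded segment is rejected rather than expanded; `resolve`, `topic_allowed` and the sample identity `taxi-42` are hypothetical.

```python
import re

# Matches the identity expression used in the proposed syntax.
IDENTITY_EXPR = re.compile(r"^\$\{guarded\['([^']+)'\]\.identity\}$")
PARAM_SEGMENT = re.compile(r"^\{(\w+)\}$")


def resolve(expr, identities):
    """Resolve ${guarded['name'].identity}; any other value is a literal."""
    m = IDENTITY_EXPR.match(expr)
    return identities.get(m.group(1)) if m else expr


def topic_allowed(pattern, params, identities, client_topic):
    """Return True only if client_topic satisfies the route pattern.

    client_topic is a topic name (publish) or topic filter (subscribe).
    """
    want, got = pattern.split("/"), client_topic.split("/")
    if len(want) != len(got):
        return False  # e.g. 'taxi/#' cannot stand in for three segments
    for w, g in zip(want, got):
        m = PARAM_SEGMENT.match(w)
        if m is None:
            if w != g:
                return False  # literal segments must match exactly
            continue
        if m.group(1) not in params:
            continue  # assumption: unconstrained parameter, any segment
        expected = resolve(params[m.group(1)], identities)
        # No identity, or one containing topic syntax, never matches.
        if not expected or any(c in expected for c in "/+#"):
            return False
        if g != expected:
            return False  # covers '+', which is not the client's identity
    return True


# Constructed sample: route from the issue, identity as a jwt guard might report it.
ROUTE_PARAMS = {"id": "${guarded['jwt'].identity}"}
SESSION = {"jwt": "taxi-42"}

if __name__ == "__main__":
    for topic in ("taxi/taxi-42/update", "taxi/taxi-7/update", "taxi/+/update", "taxi/#"):
        print(topic, topic_allowed("taxi/{id}/update", ROUTE_PARAMS, SESSION, topic))
```

The wildcard cases matter most for subscribe: a filter such as `taxi/+/update` would otherwise deliver every taxi's updates to one client.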
