add validation for user principals after auth

[havetisyan]

Description

Scenario:
a) user is issued a 24 hour user certificate at 8am
b) use is terminated at 10am and the user account is disabled in Athenz

With option (b), the user is no longer part of any role and/or group. However, the user still has a valid certificate for another 22 hours. If there are any roles that have "user." or "" members, then the user can still use its x.509 certificate to get an access token which should not be allowed. While we take the risk that the user's certificate will be valid for another 22 hours while connecting to other services, ZMS and ZTS themselves should not honor that certificate.

So now after every authenticate call, if the principal identity is the user domain, ZMS/ZTS validate the user with the configured user authority to make sure the user is still valid before processing the request.

Contribution Checklist:

• The pull request does not introduce any breaking changes
• I have read the contribution guidelines.
• Create an issue and link to the pull request.

Attach Screenshots (Optional)

[gemini-code-assist]

Code Review

This pull request introduces user principal validation in both ZMS and ZTS services by integrating userAuthority and userDomain into the RsrcCtxWrapper. The validation logic ensures that users are active during authentication and authorization processes. Feedback from the review focuses on optimizing performance by implementing a flag to prevent redundant validation calls within a single request context. Additionally, the reviewer suggests enhancing error logging to explicitly signal misconfigurations when the required authority or domain properties are missing.