feat: add hide_credentials for multi-auth plugin

[madhawa-gunasekara]

Fixes #11069 11069

Checklist

• I have explained the need for this PR and the problem it solves
• I have explained the changes or the new features added to this PR
• I have added tests corresponding to this change
• I have updated the documentation to reflect this change
• I have verified that this change is backward compatible (If not, please discuss on the APISIX mailing list first)

[shreemaan-abhishek]

Hi I don't understand this feature well. Could you please describe this in more detail in the linked issue?

[madhawa-gunasekara]

Hi @shreemaan-abhishek,

multi-auth plugin works as a wrapper to enable multiple authentication for routes. but I found there is a bug where users can't use a common header name for multiple authentication with credential hiding option. which we need fixed, most of the cases users need to hide their credentials. I fixed that with this pull request. this fix will allow users to use a common header to use multiple authentication with credential hiding.

[shreemaan-abhishek]

does this bug exist only in jwt-auth when used with multi-auth? I suppose other auth plugins would need fixing too.

[madhawa-gunasekara]

Hi @shreemaan-abhishek,

most of the auth plugins use http headers, few use query params and cookies, jwt-auth and key-auth are some of them. In this fix we clear the auth-details after iterating thru all the auth plugins. Therefore I moved a generic code snippet where it clears the cookies to utils, to avoid code redundency.
AFAIK with this fix all the auth-plugins are covered with multi-auth plugin.

[shreemaan-abhishek]

AFAIK with this fix all the auth-plugins are covered with multi-auth plugin.

please cover them with test cases. Thank you.

[shreemaan-abhishek]

@madhawa-gunasekara please avoid force pushing and resolve the lint failure thanks.

[shreemaan-abhishek]

only two blanklines are needed

[shreemaan-abhishek]

one more blank line needed