Add gradual deployments and service bindings

[quisido]

Deployments can be 90%/10% to deploy to a partial production region before all of prod.

To keep connections to the same host (i.e. in the 10% treatment group), a Cloudflare-Workers-Version-Key header must be attached to the request with a constant ID for the user. This can be, e.g., a session ID or IP address.

In order to obfuscate any treatments (not allow or require users to choose), abstract the dependence on Cloudflare for this feature, and to consolidate any other server-side security, routing, or authorization logic, we can use a service binding as an entry point/reverse proxy.

user -> /path/to/authn/service-binding -> 90% -> AuthnWorker 1.0
                                       -> 10% -> AuthnWorker 1.1

The service binding doesn't use gradual deployments itself.

This allows testing in prod before a full roll-out, and a rollback if alarm thresholds cross.

Metric metadata: app version (git SHA?)
Alarm rollback monitor: only monitors metrics that match app version