cert-v2 group based query protection

[HenryGrahamRivian]

This MR introduces an interface for filtering incoming host queries based on groups in the querying host's cert and groups in the queried host's cert.

This will improve the privacy of the network for its users by preventing users from querying hosts that they are not supposed to have access to as defined by the lighthouse configuration.

Required config file additions

lighthouse:
  query_protection:
    test-protection:
      - allowed-group

Example positive interaction

Example negative interaction

[salesforce-cla]

Thanks for the contribution! Unfortunately we can't verify the commit author(s): Henry Graham <h***@r***.com>. One possible solution is to add that email to your GitHub account. Alternatively you can change your commits to another email and force push the change. After getting your commits associated with your GitHub account, sign the Salesforce Inc. Contributor License Agreement and this Pull Request will be revalidated.

[salesforce-cla]

Thanks for the contribution! Before we can merge this, we need @HenryGrahamRivian to sign the Salesforce Inc. Contributor License Agreement.