[proxy] Refactor cplane API and add new console SCRAM auth API

Now the proxy binary accepts an `--auth-backend` CLI option, which determines
the auth scheme and the cluster routing method. The following backends are
currently implemented:

* legacy
    old method: when the username ends with `@zenith`, it uses md5 auth with the
    dbname as the cluster name; otherwise, it sends a login link and waits for
    the console to call back
* console
    new SCRAM-based console API; uses SNI info to select the destination
    cluster
* postgres
    uses postgres to select auth secrets of existing roles. Useful for local
    testing
* link
    sends a login link for all usernames
Stas Kelvich
2022-04-30 00:58:57 +03:00
parent af0195b604
commit 0323bb5870
21 changed files with 722 additions and 578 deletions


@@ -23,6 +23,10 @@ impl UserFacingError for ClientCredsParseError {}
pub struct ClientCredentials {
pub user: String,
pub dbname: String,
// New console API requires SNI info to determine cluster name.
// Other Auth backends don't need it.
pub sni_cluster: Option<String>,
}
impl ClientCredentials {
@@ -45,7 +49,11 @@ impl TryFrom<HashMap<String, String>> for ClientCredentials {
let user = get_param("user")?;
let db = get_param("database")?;
Ok(Self { user, dbname: db })
Ok(Self {
user,
dbname: db,
sni_cluster: None,
})
}
}
@@ -54,7 +62,7 @@ impl ClientCredentials {
pub async fn authenticate(
self,
config: &ProxyConfig,
client: &mut PqStream<impl AsyncRead + AsyncWrite + Unpin>,
client: &mut PqStream<impl AsyncRead + AsyncWrite + Unpin + Send>,
) -> Result<compute::NodeInfo, AuthError> {
// This method is just a convenient facade for `handle_user`
super::handle_user(config, client, self).await