Conversation

LijieZhang1998
Collaborator

Description

This ticket added one authentication mechanism to the Kafka connection.

Link to any related issue(s): https://jira.mongodb.org/browse/CLOUDP-338207

Type of change:

  • Bug fix (non-breaking change which fixes an issue). Please, add the "bug" label to the PR.
  • New feature (non-breaking change which adds functionality). Please, add the "enhancement" label to the PR. A migration guide must be created or updated if the new feature will go in a major version.
  • Breaking change (fix or feature that would cause existing functionality to not work as expected). Please, add the "breaking change" label to the PR. A migration guide must be created or updated.
  • This change requires a documentation update
  • Documentation fix/enhancement

Required Checklist:

  • I have signed the MongoDB CLA
  • I have read the contributing guides
  • I have checked that this change does not generate any credentials and that they are NOT accidentally logged anywhere.
  • I have added tests that prove my fix is effective or that my feature works per HashiCorp requirements
  • I have added any necessary documentation (if appropriate)
  • I have run make fmt and formatted my code
  • If changes include deprecations or removals I have added appropriate changelog entries.
  • If changes include removal or addition of 3rd party GitHub actions, I updated our internal document. Reach out to the APIx Integration slack channel to get access to the internal document.

Further comments

@LijieZhang1998 LijieZhang1998 changed the title feat: support OIDC configs in mongodbatlas_stream_connection feat: Support OIDC configs in mongodbatlas_stream_connection Sep 10, 2025
@LijieZhang1998 LijieZhang1998 marked this pull request as ready for review September 10, 2025 17:35
@LijieZhang1998 LijieZhang1998 requested review from a team as code owners September 10, 2025 17:35
Contributor

APIx bot: a message has been sent to Docs Slack channel

* `username` - Username of the account to connect to the Kafka cluster.
* `password` - Password of the account to connect to the Kafka cluster.
* `token_endpoint_url` - OAUTH issuer token endpoint HTTP(S) URI used to retrieve the token.
* `client_id` - Public identifier for the kafka client. It must be unique across all clients that the authorization server handles.
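Review bot: `token_endpoint_url` is described as an "HTTP(S) URI", but this is the endpoint the client authenticates to with `client_id`/`client_secret` and from which it receives the bearer token, so the description should require `https://` rather than leave plain HTTP open, and it should say explicitly which CA bundle that TLS connection is validated against (the `https_` prefix on `https_ca_pem` suggests it is this one). Suggested wording: `OAuth issuer (IdP) token endpoint HTTPS URI used to retrieve the token.`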
Collaborator


Suggested change
* `client_id` - Public identifier for the kafka client. It must be unique across all clients that the authorization server handles.
* `client_id` - Public identifier for the Kafka client. It must be unique across all clients that the authorization server handles.

what is the consequence of this not being unique? Guessing a token wouldn't be issued, but it's not clear why this must be unique.

Collaborator Author


The uniqueness is applied to the authorization server (IdP provider). If I remove the second sentence, does it make sense to you?

* `client_secret` - Secret known only to the kafka client and the authorization server.
* `scope` - Kafka clients use this to specify the scope of the access request to the broker.
* `sasl_oauthbearer_extensions` - Additional information to be provided to the kafka broker.
* `https_ca_pem` - The CA certificates as a PEM string.
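Review bot: `https_ca_pem` says only "The CA certificates as a PEM string"; it should state which connection these certificates anchor (the token endpoint, judging by the `https_` prefix, as opposed to the broker's own TLS) and that several certificates are supplied as concatenated PEM blocks, which TLS libraries treat as an unordered set, which is exactly the question raised on this hunk. Two smaller points: `kafka` is lowercase in the `client_secret` and `sasl_oauthbearer_extensions` lines while the suggestion on `client_id` capitalizes it, and `sasl_oauthbearer_extensions` should say what shape the value takes (key/value pairs, list, or string), since "Additional information" does not tell the user how to write it.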
Collaborator

@jwilliams-mongo jwilliams-mongo Sep 10, 2025


do you think it would be helpful to note these should be concatenated? Any specific certs in the chain that are not required? is a specific order required?

Collaborator Author


What do you mean by "be concatenated"? No specific order is required. We don't want to mark the fields as optional because the OpenID protocol is very flexible. We can't guarantee whether a field is a must or not. For backward compatibility, we don't indicate whether it is mandatory or not.

* `username` - Username of the account to connect to the Kafka cluster.
* `password` - Password of the account to connect to the Kafka cluster.
* `token_endpoint_url` - OAUTH issuer token endpoint HTTP(S) URI used to retrieve the token.
Collaborator


do you think it would help to clarify that this is usually an IdP?

Collaborator Author


Is this ok?

Suggested change
* `token_endpoint_url` - OAUTH issuer token endpoint HTTP(S) URI used to retrieve the token.
* `token_endpoint_url` - OAUTH issuer(IdP provider) token endpoint HTTP(S) URI used to retrieve the token.

@lantoli
Member

lantoli commented Sep 12, 2025

as discussed offline please don't merge until 2.0.0 is released

@@ -0,0 +1,3 @@
```release-note:enhancement
resource/mongodbatlas_stream_connection: Add new authentication mechanism(OIDC) to the Kafka connection
Member


Suggested change
resource/mongodbatlas_stream_connection: Add new authentication mechanism(OIDC) to the Kafka connection
resource/mongodbatlas_stream_connection: Adds new authentication mechanism(OIDC) to the Kafka connection

3rd person for changelog messages

@@ -0,0 +1,3 @@
```release-note:enhancement
Member


changelog entries for the 2 datasources are missing

* `username` - Username of the account to connect to the Kafka cluster.
* `password` - Password of the account to connect to the Kafka cluster.
* `token_endpoint_url` - OAUTH issuer(IdP provider) token endpoint HTTP(S) URI used to retrieve the token.
* `client_id` - Public identifier for the Kafka client.
Member


do all new attributes apply to Kafka? in that case consider having them inside a kafka_config nested attribute, although it's probably better to follow as it's in the Atlas API

@@ -55,6 +55,38 @@ resource "mongodbatlas_stream_connection" "test" {
}
```

### Example Kafka SASL OAuthbearer Connection
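Review bot: the new heading `### Example Kafka SASL OAuthbearer Connection` spells the mechanism in mixed case; Kafka and RFC 7628 name it `OAUTHBEARER`, and that is the string users will be searching the page for, so suggest `### Example Kafka SASL OAUTHBEARER Connection`. Since this hunk adds the example without the attribute reference, the reviewer's point above stands: the example should be paired with the attribute descriptions on the same resource page.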
Member

@lantoli lantoli Sep 12, 2025


new attributes description is missing in resource doc page

Optional: true,
Sensitive: true,
},
"scope": schema.StringAttribute{
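Review bot: on `"scope"`, if Atlas does return a default when the attribute is omitted, `Optional: true` alone will produce a diff on every plan, and `Computed: true` alone makes the value unknown on every update; the usual fix in terraform-plugin-framework is `Optional: true, Computed: true` together with `PlanModifiers: []planmodifier.String{stringplanmodifier.UseStateForUnknown()}`. If the API echoes back exactly what was sent, keep it plain `Optional`, as the comment above prefers.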
Member


q: does Atlas return some default value if not provided by the client? in that case the attribute might need to be Optional & Computed, although better to keep it as Optional if possible

resource.ParallelTest(t, *testCase)
}

func testCaseKafkaOAuthBearer(t *testing.T, nameSuffix string) *resource.TestCase {
Member

@lantoli lantoli Sep 12, 2025


why not inline testCaseKafkaOAuthBearer in TestAccStreamRSStreamConnection_kafkaOAuthBearer ?
