Add .Status to JWTAuthenticator with Conditions,Phase

- "Ready" condition & supporting conditions
- Legacy "Phase" for convenience
- Refactor newCachedJWTAuthenticator() func
  to improve ability to provide additional conditions
- Update JWTAuthenticator.Status type
- Update RBAC for SA to get/watch/update JWTAuthenticator.Status
- Update logger to plog, add tests for logs & statuses
- update Sync() to reduce enqueue when error is config/user managed, perhaps remove validateJWKSResponse()

deploy/concierge/authentication.concierge.pinniped.dev_jwtauthenticators.yaml

@@ -174,6 +174,14 @@ spec:
                 x-kubernetes-list-map-keys:
                 - type
                 x-kubernetes-list-type: map
+              phase:
+                default: Pending
+                description: Phase summarizes the overall status of the JWTAuthenticator.
+                enum:
+                - Pending
+                - Ready
+                - Error
+                type: string
             type: object
         required:
         - spec

deploy/concierge/rbac.yaml

@@ -43,6 +43,10 @@ rules:
       - #@ pinnipedDevAPIGroupWithPrefix("authentication.concierge")
     resources: [ jwtauthenticators, webhookauthenticators ]
     verbs: [ get, list, watch ]
+  - apiGroups:
+      - #@ pinnipedDevAPIGroupWithPrefix("authentication.concierge")
+    resources: [ jwtauthenticators/status, webhookauthenticators/status ]
+    verbs: [ get, list, watch, update ]
 ---
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1