Plugin clnrest improvements

[ShahanaFarooqui]

• Generate client, server & CA certs.

• Write automated testcases

• Add configurable CSRF, CORS & CSP options

• Add websocket server support for browsers too
  Reported by @ddustin on Discord
  "It looks like the web browser based websocket api does not allow custom http headers. so I believe, in it's current form,
  clnrest isn't usable in a web browser -- was that intentional? perhaps we could move the rune and node id to another field (uri
  or websocket message) so we're compatible with web browsers. Here are four common solutions to the problem:
  https://websockets.readthedocs.io/en/stable/topics/authentication.html"

[tonyaldon]

Hey @ShahanaFarooqui if you're not already working on clnrest tests I'd like to write some tests for clnrest plugin. Is it okay for you?

[ShahanaFarooqui]

@tonyaldon Hey, perfect timing. I was about to start it today. Please go ahead and let me know if you need any information regarding it.

BTW, you can refer to ./tests/test_cln_rs.py which has been written for grpc and mimic the same tests for clnrest as well.

[tonyaldon]

Cool! I'll work on it. Thanks for the reference to grpc test.

[ShahanaFarooqui]

For posterity:

• Generate client, server & CA certs.

Done.

• Add configurable CSRF, CORS & CSP options

Introduced CORS and CSP configuration options but not including CSRF till there is no absolute need because:
- Not using cookies, SameSite Cookie Attribute and ensuring that client never sends the rune automatically with cross-site requests can easily mitigate the risk of XSRF attack.
- Adding that with strict origin check, rune's embedded restrictions and stateless authentication (ie. rune is passed via an authorization header) makes CSRF negligible.

• Add websocket server support for browsers too

Websocket Server support for browser was already available but it did not have rune authentication. Added the authentication and an html/js example in doc/developers-guide/app-development/rest.md now.

[ShahanaFarooqui]

Cool! I'll work on it. Thanks for the reference to grpc test.

Please link your PR with this issue as well once it is drafted/ready for review.