NSFS | NC | add option to set account supplemental groups

[nadavMiz]

Explain the changes

supplemental groups are additional groups an account can be part of besides his main group (gid). add option to set a users supplemental groups through the nsfs cli. see Supplementary group IDs in https://man7.org/linux/man-pages/man7/credentials.7.html. having addition groups allows account to access files and directory that allow access to one of the accounts supplemental groups (similar to main group access ). supplementary group IDs are used mainly for adding permissions. for other purposes the accounts main GID will be used (for example determining the group of a file created by the account). note that this enables access only on file system level, s3 commands will still require bucket policy permissions. in the same manner account will still be block from accessing the file system even if it has bucket policy permissions

1. add option to set account supplemental groups:
2. supplemental groups can be added by nsfs cli either by passing a single positive number (202) or string of comma separated positive number ("200,101")
3. supplemental groups can be added using from_file as wither one of the previously mentioned types or as an array of positive numbers ([212,313])
4. supplemental groups will be saved as part of the account configuration in the section nsfs_account_config
5. set supplemental groups as part of setting the user id for both linux and darwin (see os_linux.cpp and os_darwin.cpp)
6. add tests for both adding and updating account configuration (including from_file, and anonymous access)
7. change documentation to include data about supplemental_groups option
8. since mac-os creates new directories with parent directory gid and not the process gid. change new directories owner in test_nsfs_access.js. opened a new issue for this problem NSFS | macos | buckets created with parent directory GID instead of thread (user) GID #8665

Issues: Fixed #7274

Testing Instructions:

1. sudo npx jest test_nc_nsfs_account_cli.test.js
2. sudo npx jest test_nc_nsfs_anonymous_cli.test.js
3. sudo node ./node_modules/mocha/bin/mocha src/test/unit_tests/test_nsfs_access.js
4. sudo NC_CORETEST=true node ./node_modules/mocha/bin/mocha src/test/unit_tests/test_nsfs_integration.js

Gaps

#8665
noobaa/noobaa-operator#1505

• Doc added/updated
• Tests added

[shirady]

I added my comments (without the native files).

I would list things that you can add in this PR:

• Tests for the noobaa-cli that combines the supplemental groups with the --from_file flag.
• Tests for the noobaa-cli that combines the supplemental groups with the --anonymous flag
• Update the S3Ops.md about permission - currently only UID, GID is mentioned.

not relevant

[shirady]

LGTM