Use AuthSecret as Bearer token for lookupd queries

[jehiah]

The AUTH protocol spec and nsqd AUTH details don't give much guidance for how to use AUTH with a lookupd endpoint (except implying that nsqauthfilter is one approach).

Currently the only exposed capability to use a lookup endpoint that requires authorization is to bake authorization credentials into the URL used as a lookup endpoint. go-nsq then makes a GET request to that endpoint during discovery.

Security best practice is to move authorization details to a header and out of the URL i.e. a Authorization: Bearer {Auth Secret} header.

This issue is to introduce new behavior where an AuthSecret when set is used as a Bearer token on lookupd calls. That seems like a sane default

LookupdAuthorization=false can be used to opt out of the new behavior (AuthSecret used on lookupd requests)

cc: @mreiferson @ploxiln in case you have any thoughts on this approach. I think our AUTH docs could use a little help, i'll try to build some better documentation of that.

[ploxiln]

Makes sense to me.

(I did take a moment to remind myself of the elements here: the AuthSecret is currently just used for tcp-protocol to nsqd, and with this change it still is, but with the addition of being sent to nsqlookupd in the auth header, unless explicitly disabled. Should be fully backward compatible, except it can "expose" your AuthSecret to your nsqlookupd by default, which is probably not the end of the world.)

[mreiferson]

LGTM otherwise