Implement storage support via Cloud Spanner #815

Closed
tiziano88 opened this issue Apr 6, 2020 · 4 comments

Comments

@tiziano88
Collaborator

Implement a client library in the Rust SDK that allows interacting with a Cloud Spanner instance.

This should not require any changes to the Runtime; it should be implemented by using a gRPC client pseudo-node connecting to the Cloud Spanner API.

Note that the root of trust for such stored data would be google.com, so only data that is labelled "public" (or scoped via an appropriate TLS tag -- see #814) can be stored in this way.

@tiziano88
Collaborator Author

@conradgrobler assuming this requires establishing a gRPC connection and passing some auth token as metadata, how should we pass this secret to the application? Will it be covered by #696?

@conradgrobler
Collaborator

I would guess so: Metadata Service for VMs and Kubernetes Secrets for Kubernetes workloads.

@tiziano88
Collaborator Author

Sure, Metadata Service provides the secret to the oak runtime somehow, but how is the secret going to be accessed by the application? Perhaps related to #689 too, but we should have a clearer idea of how this is going to work e2e. cc @ipetr0v

@conradgrobler
Collaborator

The gRPC client configuration needs to be refactored as well. If I understand the current configuration settings correctly, you can only specify a single target URL for the gRPC client pseudo node to connect to. In most cases I would guess you need multiple pseudo nodes, each with a target endpoint and a configured mechanism for authentication (e.g. auth token, username + password, client cert etc.).

2 participants