Allow auth metadata to be configured

[tyrannosaurus-becks]

This draft PR shows the approach being currently pursued to add the ability to configure auth metadata at the role level.

Although it was added at the identity/config endpoint in a different auth engine, it was added at the role level in this one because that's where the aliases are also currently configured, so I thought it made sense to keep them together.

TODO

• Docs
• Wait for Add helper for aliasmetadata and add to AWS auth vault#8783 to be merged and update to using Vault master

[kalafut]

@tyrannosaurus-becks @pcman312 I've been playing with this for both IAM and GCE and it seems to work fine. My main feedback is that we probably want this new configuration (both alias name and metadata) at the top level /config object, similar to AWS. (AWS has an additional "identity" level which doesn't apply here, but the configuration is still for the whole backend, not by role.) Per-role configuration is a potential future enhancement.

[tyrannosaurus-becks]

Deleting this branch because there are upstream conflicting changes, and the fields also need to be on the config, so it'll be faster to take off a fresh branch than continue with this one.