Use a more conservative set of CipherSuites

The default cipher suites used by Go include a number of ciphers that
have known weaknesses. In addition to leaving users open to these
weaknesses, the inclusion of these weaker ciphers causes problems with
various automated scanning tools.

This PR disables the CBC-mode, RC4, and 3DES ciphers included in the
Go standard library by passing an explicit cipher suite list.

The ciphers included here are more line with those recommended by
Mozilla for "Intermediate" compatibility. [0]

*Performance Implications*

The Go standard library does capability-based cipher ordering,
preferring AES ciphers if the underlying hardware has AES specific
instructions. [1] Since all of the relevant code is internal modules,
to do the same thing ourselves would require duplicating that
code. Here, I've placed AES based ciphers first.

*Compatibility Implications*

This does reduce the number of clients who will be able to communicate
with dex.

[0] https://ssl-config.mozilla.org/#server=nginx&server-version=1.17.0&config=intermediate&hsts=false&ocsp=false
[1] https://github.com/golang/go/blob/a8c2e5c6adc0d8f9b976a55bf4e22fcf5770ea55/src/crypto/tls/common.go#L1091



Signed-off-by: Steven Danna <steve@chef.io>

Replace x/net/context with stdlib context

Pydio Cells adopters list

Clarify the origin of the ca file in the Kubernetes guide

connector/ldap: display login error

Dockerfile: build with golang 1.12.9

storage/kubernetes: Removing Kubernetes TPR support

Third Party Resources (TPR) have been removed from Kubernetes for
roughly 2 years.  This commit removes the support dex had for them.

Documentation has been updated to reflect this and to instruct users
on how to migrate from TPR-powered dex environment to a Custom Resource
Defintion (CRD) based one that dex > v2.17 will support

bump deps for http2 issues

https://github.com/grpc/grpc-go/releases/tag/v1.23.0

https://groups.google.com/forum/#!topic/golang-nuts/fCQWxqxP8aA

Signed-off-by: Stephan Renatus <srenatus@chef.io>

Signed-off-by: Stephan Renatus <srenatus@chef.io>

Add examples for recent additions to oauth2 configuration options

Add reflection to gRPC API (configurable)

Add option to always display connector selection even if there's only one

Allow arbitrary data to be passed to templates

Add tests for some callback handler error conditions

Adjusting Makefile so that `golint` will compile

Return HTTP 400 for invalid state parameter

update all deps

Signed-off-by: Stephan Renatus <srenatus@chef.io>

Signed-off-by: Stephan Renatus <srenatus@chef.io>

Signed-off-by: Stephan Renatus <srenatus@chef.io>

server/api: fix logging in VerifyPassword

Before:

    msg="api: password check failed : %vcrypto/bcrypt: hashedPassword is not the hash of the given password"

After:

    msg="api: password check failed : crypto/bcrypt: hashedPassword is not the hash of the given password"

Signed-off-by: Stephan Renatus <srenatus@chef.io>

*: fix some lint issues

Mostly gathered these using golangci-lint's deadcode and ineffassign
linters.

Signed-off-by: Stephan Renatus <srenatus@chef.io>