opa plugin add extraCredentails

[beiliubei]

Description

The identity supports receiving the extraCredentials parameter.

Additional context and related issues

Release notes

( ) This is not user-visible or is docs only, and no release notes are required.
( ) Release notes are required. Please propose a release note for me.
( ) Release notes are required, with the following suggested text:

## Section
* Fix some things. ({issue}`issuenumber`)

[wendigo]

What's the use case for this? I don't think that we want the extra credentials to leak to a OPA

[beiliubei]

from the opa plugin we want more informations, like project name.

[wendigo]

I don't understand how extraCredentials relate to project name

[beiliubei]

{"connect_args":{"http_headers":{"X-Trino-Extra-Credential":"project=project1"}}}

We are using superset with Trino and with these engine parameters in the superset.
Meanwhile, we will define different policies for the project in the OPA(rego).

projects := yaml.unmarshal(`
projects:
  - name: "project1"
    databases:
          - name: "db1"
            tables:
              - name: "tb1"
                 expression: "app_id in ('a1')"
  - name: "project2"
    databases:
          - name: "db1"
            tables:
              - name: "tb1"
                 expression: "app_id in ('b1')"
`)

input.context.identity.extraCredentials["project"]

with this config, and then receiving the extra credential from the Trino query, we will append the where cause app_id in ('a1')

some same request issue.
#25415
#24493