feat: exchange gRPC server implementation to connectRPC (#10145)

# Which Problems Are Solved

The current maintained gRPC server in combination with a REST (grpc)
gateway is getting harder and harder to maintain. Additionally, there
have been and still are issues with supporting / displaying `oneOf`s
correctly.
We therefore decided to exchange the server implementation to
connectRPC, which apart from supporting connect as protocol, also also
"standard" gRCP clients as well as HTTP/1.1 / rest like clients, e.g.
curl directly call the server without any additional gateway.

# How the Problems Are Solved

- All v2 services are moved to connectRPC implementation. (v1 services
are still served as pure grpc servers)
- All gRPC server interceptors were migrated / copied to a corresponding
connectRPC interceptor.
- API.ListGrpcServices and API. ListGrpcMethods were changed to include
the connect services and endpoints.
- gRPC server reflection was changed to a `StaticReflector` using the
`ListGrpcServices` list.
- The `grpc.Server` interfaces was split into different combinations to
be able to handle the different cases (grpc server and prefixed gateway,
connect server with grpc gateway, connect server only, ...)
- Docs of services serving connectRPC only with no additional gateway
(instance, webkey, project, app, org v2 beta) are changed to expose that
- since the plugin is not yet available on buf, we download it using
`postinstall` hook of the docs

# Additional Changes

- WebKey service is added as v2 service (in addition to the current
v2beta)

# Additional Context

closes #9483

---------

Co-authored-by: Elio Bischof <elio@zitadel.com>

internal/api/grpc/user/v2/pat.go

@@ -3,6 +3,7 @@ package user
 import (
 	"context"
 
+	"connectrpc.com/connect"
 	"github.com/zitadel/oidc/v3/pkg/oidc"
 	"google.golang.org/protobuf/types/known/timestamppb"
 
@@ -13,13 +14,13 @@ import (
 	"github.com/zitadel/zitadel/pkg/grpc/user/v2"
 )
 
-func (s *Server) AddPersonalAccessToken(ctx context.Context, req *user.AddPersonalAccessTokenRequest) (*user.AddPersonalAccessTokenResponse, error) {
+func (s *Server) AddPersonalAccessToken(ctx context.Context, req *connect.Request[user.AddPersonalAccessTokenRequest]) (*connect.Response[user.AddPersonalAccessTokenResponse], error) {
 	newPat := &command.PersonalAccessToken{
 		ObjectRoot: models.ObjectRoot{
-			AggregateID: req.UserId,
+			AggregateID: req.Msg.GetUserId(),
 		},
 		PermissionCheck: s.command.NewPermissionCheckUserWrite(ctx),
-		ExpirationDate:  req.ExpirationDate.AsTime(),
+		ExpirationDate:  req.Msg.GetExpirationDate().AsTime(),
 		Scopes: []string{
 			oidc.ScopeOpenID,
 			oidc.ScopeProfile,
@@ -32,25 +33,25 @@ func (s *Server) AddPersonalAccessToken(ctx context.Context, req *user.AddPerson
 	if err != nil {
 		return nil, err
 	}
-	return &user.AddPersonalAccessTokenResponse{
+	return connect.NewResponse(&user.AddPersonalAccessTokenResponse{
 		CreationDate: timestamppb.New(details.EventDate),
 		TokenId:      newPat.TokenID,
 		Token:        newPat.Token,
-	}, nil
+	}), nil
 }
 
-func (s *Server) RemovePersonalAccessToken(ctx context.Context, req *user.RemovePersonalAccessTokenRequest) (*user.RemovePersonalAccessTokenResponse, error) {
+func (s *Server) RemovePersonalAccessToken(ctx context.Context, req *connect.Request[user.RemovePersonalAccessTokenRequest]) (*connect.Response[user.RemovePersonalAccessTokenResponse], error) {
 	objectDetails, err := s.command.RemovePersonalAccessToken(ctx, &command.PersonalAccessToken{
-		TokenID: req.TokenId,
+		TokenID: req.Msg.GetTokenId(),
 		ObjectRoot: models.ObjectRoot{
-			AggregateID: req.UserId,
+			AggregateID: req.Msg.GetUserId(),
 		},
 		PermissionCheck: s.command.NewPermissionCheckUserWrite(ctx),
 	})
 	if err != nil {
 		return nil, err
 	}
-	return &user.RemovePersonalAccessTokenResponse{
+	return connect.NewResponse(&user.RemovePersonalAccessTokenResponse{
 		DeletionDate: timestamppb.New(objectDetails.EventDate),
-	}, nil
+	}), nil
 }