Currently hadoop-auth AuthenticationHandler only authenticates a request.
While it can easily be extended to authenticate delegation tokens, it cannot handle the delegation token get/renew/cancel operations.
The motivation of this new feature is that the above delegation token operations should be handled by a security component (hadoop-auth) instead of a functional component (httpfs implementation). Ideally we should have a complete separation of concerns between delegation token management and FileSystem/MapReduce/YARN API, but we don't. This change is a step on that directory for HTTP based services (like HttpFS).