Deprecate Apache Knox SSO Integration for Removal

NiFi 1.4.0 introduced support for authentication with Apache Knox Single Sign-On based on JSON Web Tokens provided through a cookie and verified using a configurable public key.

Separate from Apache Knox SSO authentication, Apache Knox itself provides gateway access as a proxy using the X-ProxiedEntitiesChain HTTP Header. Proxy access should remain supported as it is part of the X.509 client certificate authentication strategy. Deployment patterns based on Apache Knox gateway access work without any features or configuration properties specific to Knox.

With the implementation of standards-based Single Sign-On using OpenID Connect and SAML 2, custom cookie-based SSO with Apache Knox should be deprecated for removal.