feat(ci): reusable platform startup for client CI tests (#1531)

Resolves #1530

Adds reusable `start-up-with-containers` composite action and
`start-additional-kas` action for multi-kas test scenarios.

This ensures the platform CI and all consumers CIs are driven close to
platform code with consumers having to know very little about the
internals of booting up the platform.

Evidence of working functionality in otdfctl e2e test flow:
https://github.com/opentdf/otdfctl/actions/runs/10745375375/job/29804266845?pr=369
Evidence of working functionality in xtest test flows:
opentdf/tests#190

Author: jakedoublev

test/start-additional-kas/action.yaml

@@ -0,0 +1,33 @@
+name: 'start-additional-kas'
+
+# This action relies on the start-up-with-containers action having already run.
+# Things like the working directory and configuration location are controlled by that action as predecessor.
+
+description: 'After start-up-with-containers has run, run an additional KAS instance'
+
+inputs:
+  kas-port:
+    required: true
+    description: 'The port for the additional KAS'
+  kas-name:
+    required: true
+    description: 'The name for the additional KAS'
+
+runs:
+  using: 'composite'
+  steps:
+    - uses: JarvusInnovations/background-action@2428e7b970a846423095c79d43f759abf979a635
+      name: Start another KAS server in background
+      with:
+        run: >
+          <opentdf.yaml >opentdf-${{ inputs.kas-name }}.yaml yq e '
+            (.server.port = ${{ inputs.kas-port }})
+            | (.mode = ["kas"])
+            | (.sdk_config = {"endpoint":"http://localhost:8080","plaintext":true,"client_id":"opentdf","client_secret":"secret"})
+          '
+          && .github/scripts/watch.sh opentdf-${{ inputs.kas-name }}.yaml ./opentdf --config-file ./opentdf-${{ inputs.kas-name }}.yaml start
+        wait-on: |
+          tcp:localhost:${{ inputs.kas-port }}
+        log-output-if: true
+        wait-for: 90s
+        working-directory: otdf-test-platform

test/start-up-with-containers/action.yaml

@@ -0,0 +1,67 @@
+name: 'start-up-with-containers'
+
+description: 'Start the OpenTDF Platform with its containerized resources'
+
+inputs:
+  platform-ref:
+    required: false
+    description: 'The ref to check out for the platform'
+    default: 'main'
+
+runs:
+  using: 'composite'
+  steps:
+    - name: Check out platform
+      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
+      with:
+        repository: opentdf/platform
+        # use a distinct path to avoid conflicts
+        path: otdf-test-platform
+        ref: ${{ inputs.platform-ref }}
+    - name: Set up go (platform's go version)
+      id: setup-go
+      uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7
+      with:
+        go-version-file: 'otdf-test-platform/service/go.mod'
+        check-latest: false
+        cache-dependency-path: |
+          otdf-test-platform/service/go.sum
+          otdf-test-platform/protocol/go/go.sum
+          otdf-test-platform/sdk/go.sum
+    - name: Provide the platform with keys
+      shell: bash
+      run: |
+        .github/scripts/init-temp-keys.sh
+        cp opentdf-dev.yaml opentdf.yaml
+      working-directory: otdf-test-platform
+    - name: Trust the generated certs
+      shell: bash
+      run: |
+        sudo chmod -R 777 ./keys
+        sudo apt-get install -y ca-certificates
+        sudo cp ./keys/localhost.crt /usr/local/share/ca-certificates
+        sudo update-ca-certificates
+      working-directory: otdf-test-platform
+    - name: Spin up platform's containerized resources
+      shell: bash
+      run: docker compose up -d --wait --wait-timeout 240
+      working-directory: otdf-test-platform
+    - name: Provision realms/clients/users into idP
+      shell: bash
+      run: go run ./service provision keycloak
+      working-directory: otdf-test-platform
+    - name: Provision test fixture policy
+      shell: bash
+      run: go run ./service provision fixtures
+      working-directory: otdf-test-platform
+    - name: Start platform server in background
+      uses: JarvusInnovations/background-action@2428e7b970a846423095c79d43f759abf979a635
+      with:
+        run: >
+          go build -o opentdf -v service/main.go
+          && .github/scripts/watch.sh opentdf.yaml ./opentdf start
+        wait-on: |
+          tcp:localhost:8080
+        log-output-if: true
+        wait-for: 90s
+        working-directory: otdf-test-platform