Support iTwin share keys

[jjspace]

Description

• Add ITwinPlatform.defaultShareKey to support using the iTwin Share API for public access
  • This value will override the ITwinPlatform.defaultAccessToken if it's set
  • Currently this value must be sent using Basic auth instead of Bearer so I added a helper function for generating the Auth headers
• Both iTwin sandcastles have been updated to use share keys and no longer need the ion token route

Issue number and link

No issue

Testing plan

• Load the local sandcastles and make sure they still work without the ion route
  • iModel Mesh Export (ci version)
  • iTwin Feature Service (ci version)

Author checklist

• I have submitted a Contributor License Agreement
• I have added my name to CONTRIBUTORS.md
• I have updated CHANGES.md with a short summary of my change
• I have added or updated unit tests to ensure consistent code coverage
• I have updated the inline documentation, and included code examples where relevant
• I have performed a self-review of my code

[github-actions]

Thank you for the pull request, @jjspace!

✅ We can confirm we have a CLA on file for you.

[ggetz]

Thanks @jjspace! Just those two notes.

[jjspace]

Thanks @ggetz, updated

[shehzan10]

@jjspace Do we need to have this here? Perhaps an update can point to the tutorial and developer documentation when ready. Same comment for the other sandcastle too.

[jjspace]

@shehzan10 We can certainly add more docs or tutorials later but I don't think there's an issue with providing this information in multiple locations. These sandcastles may end up being one of the main ways to quick reference how to interact with iTwin data in CesiumJS. I think it's worth keeping these 2 lines just for convenience/reference

[shehzan10]

@jjspace With the goal being to introduce this to the Cesium community via CesiumJS first, IMO its important to keep it simple. By having the comment If you do use oauth for user login set, the statement is vauge-ish because OAuth login has a very specific meaning. So either:

1. We remove this comment and instead point to the tutorials/documentation when ready.
2. Make the comment more accurate, yet simple to understand and allows the developer on which approach to use.

Open to other suggestions as well.

[davidhjones]

I agree with @jjspace here, I think its nice to show users that they're able to use either form of authentication to use the sandcastle demo -- sharing or oauth. If you'd like to add more detail to suggesting oauth, you could point them do our oauth docs: https://developer.bentley.com/apis/overview/authorization/

[shehzan10]

Would it be better to then have a comment like:

// For alternative forms of authentication you can use, visit https://developer.bentley.com/apis/overview/authorization/.

And combine this with line 35?

[ggetz]

Thanks @jjspace, as well as @shehzan10 and @davidhjones for your feedback!