tsnet,client/tailscale: add APIClient which runs API over Noise.

Updates tailscale/corp#4383

Signed-off-by: Maisem Ali <maisem@tailscale.com>

client/tailscale/tailscale.go

@@ -18,6 +18,9 @@ import (
 	"fmt"
 	"io"
 	"net/http"
+	"net/url"
+
+	"tailscale.com/types/key"
 )
 
 // I_Acknowledge_This_API_Is_Unstable must be set true to use this package
@@ -90,6 +93,29 @@ func (c *Client) setAuth(r *http.Request) {
 	}
 }
 
+// nodeKeyAuth is an AuthMethod for NewClient that authenticates requests
+// using a node key over the Noise protocol.
+type nodeKeyAuth key.NodePublic
+
+func (k nodeKeyAuth) modifyRequest(req *http.Request) {
+	// QueryEscape the node key since it has a colon in it.
+	nk := url.QueryEscape(key.NodePublic(k).String())
+	req.SetBasicAuth(nk, "")
+}
+
+// NewNoiseClient is a convenience method for instantiating a new Client
+// that uses the Noise protocol for authentication.
+//
+// tailnet is the globally unique identifier for a Tailscale network, such
+// as "example.com" or "user@gmail.com".
+func NewNoiseClient(tailnet string, noiseRoundTripper http.RoundTripper, nk key.NodePublic) *Client {
+	return &Client{
+		tailnet:    tailnet,
+		auth:       nodeKeyAuth(nk),
+		HTTPClient: &http.Client{Transport: noiseRoundTripper},
+	}
+}
+
 // NewClient is a convenience method for instantiating a new Client.
 //
 // tailnet is the globally unique identifier for a Tailscale network, such