Improve how we create new authorizations

[aarongable]

Within the NewOrderAndAuthzsRequest, replace the corepb.Authorization field with a new sapb.NewAuthzRequest message. This message has all of the same field types and numbers, and the RA still populates all of these fields when constructing a request, for backwards compatibility. But it also has new fields (an Identifier carrying both type and value, a list of challenge types, and a challenge token) which the RA preferentially consumes if present.

This causes the content of our NewOrderAndAuthzsRequest to more closely match the content that will be created at the database layer. Although this may seem like a step backwards in terms of abstraction, it is also a step forwards in terms of both efficiency (not having to transmit multiple nearly-identical challenge objects) and correctness (being guaranteed that the token is actually identical across all challenges).

After this change is deployed, it will be followed by a change which removes the old fields from the NewAuthzRequest message, to realize the efficiency gains.

Part of #5913

[beautifulentropy]

These look like excellent improvements. I'd like a small doc comment change and some consideration on another comment.

[aarongable]

To ensure there are no deployability problems with this change, I have run the Go subset of our integration tests with both a new RA / old SA combo, and an old RA / new SA combo. Note the BuildIDs in the startup version logs, indicating the branch that the service was built from:

❯ docker compose up boulder
<snip>
boulder-1  | 16:58:00.416181 6 boulder-sa n_ifwwM Versions: boulder-sa=(main Unspecified) Golang=(go1.22.2) BuildHost=(Unspecified)
boulder-1  | 16:58:04.592247 6 boulder-ra jsHX0gc Versions: boulder-ra=(new-authz-req Unspecified) Golang=(go1.22.2) BuildHost=(Unspecified)
<snip>

❯ docker compose exec boulder bash
root@c77883ff0f71:/boulder# go test -tags integration -count=1 -race ./test/integration
ok      github.com/letsencrypt/boulder/test/integration 36.365s

❯ docker compose up boulder
<snip>
boulder-1  | 17:01:57.291694 6 boulder-sa mub6og0 Versions: boulder-sa=(new-authz-req Unspecified) Golang=(go1.22.2) BuildHost=(Unspecified)
boulder-1  | 17:02:01.575147 6 boulder-ra w63SxgY Versions: boulder-ra=(main Unspecified) Golan
g=(go1.22.2) BuildHost=(Unspecified)
<snip>

❯ docker compose exec boulder bash
root@c77883ff0f71:/boulder# go test -tags integration -count=1 -race ./test/integration
ok      github.com/letsencrypt/boulder/test/integration 36.964s

For posterity, the steps I followed to get this working were:

1. Edit startservers.py's install command to add -ldflags "-X \"github.com/letsencrypt/boulder/core.BuildID=foobar' so that the binary it produces will have an actual build ID to report
2. Check out main, start the integration tests to build a binary, and copy //bin/boulder to //bin/boulder-main
3. Check out this branch, edit startservers to set a different BuildID, rebuild the binary, and copy //bin/boulder to //bin/boulder-branch
4. Comment out the ./link.sh line from the Makefile
5. Edit startservers.py to invoke //bin/boulder-ra and //bin/boulder-sa directly (instead of using subcommands like //bin/boulder boulder-ra)
6. Symlink //bin/boulder-ra to //bin/boulder-branch, and //bin/boulder-sa to //bin/boulder-main
7. Run the commands shown above
8. Repeat steps (6) and (7), but with the symlinks swapped

There has to be an easier way, but this definitely worked.