I've had time to look at the request-response implementation and I'm using this issue to gather some things I've noticed.
The response-topics are currently hard-coded as "/reqresp/response/" + clientId. I think that should not start with a /, should it?
The response-topics are currently hard-coded; they should probably be configurable.
The hard-coded allow rule only allows the exact response topic "/reqresp/response/" + clientId, but I think the general idea is that the user can freely choose response topics in the full sub-tree below the response topic. Of course a custom IAuthorizatorPolicy can manually allow this, but shouldn't the default hard-coded one do this already?
A subscription on /reqresp/# currently returns all responses. I think users should never be allowed to see the responses to requests of other users when using the broker-provided response tree... This can be fixed with a custom IAuthorizatorPolicy of course.
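An added example, not code from this issue or from the broker project: a custom IAuthorizatorPolicy of the kind the post mentions as a workaround, confining each client's subscriptions in the broker-provided response tree to its own sub-tree below "/reqresp/response/" + clientId, so that a filter such as /reqresp/# or /reqresp/response/+/# no longer returns other clients' responses. It assumes the broker's IAuthorizatorPolicy has the Moquette shape (canRead/canWrite taking a Topic, a user name and a client id) and the import paths shown; the class name and the prefix constant are this example's own.

```java
import io.moquette.broker.security.IAuthorizatorPolicy;
import io.moquette.broker.subscriptions.Topic;

/**
 * Confines reads in the response tree to the subscribing client's own sub-tree,
 * /reqresp/response/<clientId>/..., and denies any wildcard filter that could
 * match other clients' responses. Topics outside the tree are allowed here so
 * that another policy can decide them.
 */
public class PerClientResponseTreePolicy implements IAuthorizatorPolicy {

    // Assumed prefix, mirroring the hard-coded one the issue describes.
    // The leading "" is the empty level produced by the leading slash.
    private static final String[] RESPONSE_PREFIX = {"", "reqresp", "response"};

    @Override
    public boolean canRead(Topic filter, String user, String client) {
        String[] levels = filter.toString().split("/", -1);
        if (!overlapsResponseTree(levels)) {
            return true; // not in the response tree: let the rest of the policy decide
        }
        // Inside the tree the level after the prefix must be exactly this client's id;
        // a filter that ends early, uses + or # there, or names another client is denied.
        return levels.length > RESPONSE_PREFIX.length
            && levels[RESPONSE_PREFIX.length].equals(client);
    }

    @Override
    public boolean canWrite(Topic topic, String user, String client) {
        // Responses are written by the broker itself; ordinary clients may not
        // publish into the response tree at all.
        return !overlapsResponseTree(topic.toString().split("/", -1));
    }

    /** True if a filter (possibly containing + or #) could match a topic under the prefix. */
    static boolean overlapsResponseTree(String[] levels) {
        for (int i = 0; i < RESPONSE_PREFIX.length; i++) {
            if (i >= levels.length) {
                return false;                       // filter ends before the prefix does
            }
            if (levels[i].equals("#")) {
                return true;                        // multi-level wildcard covers the rest
            }
            if (!levels[i].equals("+") && !levels[i].equals(RESPONSE_PREFIX[i])) {
                return false;                       // a literal level that differs
            }
        }
        return true;
    }
}
```

With this policy a client "c1" may subscribe to /reqresp/response/c1/# but not to /reqresp/#, /reqresp/response/+/# or /reqresp/response/c2/#; a bare # subscription is also denied because it would cover the whole tree.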
Thanks for confirming.
None of it is really breaking, or a major security issue. I'll probably make a PR while making a prototype for the draft SensorThings API v2.0 MQTT bindings.