feat: add option to use organization id for preferred username in Google Provider

[pixeldrew]

Description

Google id token uses the google id as username. I have internal systems that the username should match employee id which is my mapped into my google workspace directory as "Organization Id". I needed to have a way to retrieve that and add it to a header as it's not in the id token either.

Motivation and Context

This allows a preferred username to be retrieved from the directory as "organization" id instead of google's user id. This is similar to how you might use MS Entra's onpremid to map to local AD usernames. I added a config change to enable this. If the user does not have an organization id mapped, the auth service will 500, i'm open to changing this behavior.

Due to the way the scope permissions are iterated over, it currently only works if you have both https://www.googleapis.com/auth/admin.directory.group.member.readonly and https://www.googleapis.com/auth/admin.directory.user.readonly.

Made the scope required for AdminApiUser as a config option.

How Has This Been Tested?

Tested locally and in production.

Checklist:

• My change requires a change to the documentation or CHANGELOG.
• I have updated the documentation/CHANGELOG accordingly.
• I have created a feature (non-master) branch for my PR.
• I have written tests for my code changes.

[tuunit]

Please run make generate to update the alpha docs

[tuunit]

@pixeldrew please check the linting issues in the workflow or run make lint locally :)

Rest looks good to me, after the linting issues are fixed this is ready to be merged

[pixeldrew]

@pixeldrew please check the linting issues in the workflow or run make lint locally :)

Rest looks good to me, after the linting issues are fixed this is ready to be merged

fixed the linting issues and regenerated the docs again, apologies for the rework.

[tuunit]

Fixed the last lint error myself and adapted the Changelog :)

Thanks for contributing