Allow multiple auth providers with the same URL, adjust UI

[pjlast]

This PR removes the restrictions of having one Auth provider per URL, and instead allows one auth provider for each URL+ClientID combination.

The URL restriction came from the way our old permissions table worked, but with the user_repo_permissions table, this restriction no longer applies as permissions are stored against individual external accounts.

This has also become an increasingly common ask from customers, and it also eases the transitioning when switching from one auth provider to another, like switching from traditional GitHub OAuth to GitHub App Oauth.

One caveat that remains: Having multiple auth providers for the same URL does not play well with repo-centric permissions syncing, as we cannot from the repo token's perspective determine which user external account a permission should be bound to. There isn't a clean workaround to make this work, and the suggestion is to turn off repo-centric permissions syncing when using multiple auth providers to the same URL.

The idea is to have a follow-up PR that allows us to disable repo-centric permissions syncs for individual code host connections.

Having two auth providers and account connections that both point to github.com:

Some follow-up tasks:

• Change this code so that auth providers are grouped by UniqueID and not ServiceID
  • This will require changes to each individual auth provider. But it would allow us to not sync permissions using an external account that no longer has an active auth provider.
• Allow users to delete external accounts that are no longer associated with a valid auth provider
• Add a code host connection option that allows disabling repo-permissions syncing on a code host connection level

Test plan

Lots of tests updated and adjusted to fit the new criteria.

[kopancek]

Suggested change

	problems = append(problems, conf.NewSiteProblem(fmt.Sprintf("Cannot have more than one auth provider for Azure Dev Ops with Client ID %q, only the first one will be used", pr.AzureDevOps.ClientID)))
	problems = append(problems, conf.NewSiteProblem(fmt.Sprintf("Cannot have more than one auth provider for Azure Dev Ops with the same Client ID %q, only the first one will be used", pr.AzureDevOps.ClientID)))

[sourcegraph-bot]

Codenotify: Notifying subscribers in CODENOTIFY files for diff 58d9a0b...fa897f3.

Notify

File(s)

@unknwon

enterprise/cmd/frontend/internal/auth/azureoauth/BUILD.bazel enterprise/cmd/frontend/internal/auth/azureoauth/provider.go enterprise/cmd/frontend/internal/auth/azureoauth/provider_test.go enterprise/cmd/frontend/internal/auth/bitbucketcloudoauth/BUILD.bazel enterprise/cmd/frontend/internal/auth/bitbucketcloudoauth/config.go enterprise/cmd/frontend/internal/auth/bitbucketcloudoauth/config_test.go enterprise/cmd/frontend/internal/auth/gerrit/BUILD.bazel enterprise/cmd/frontend/internal/auth/gerrit/config.go enterprise/cmd/frontend/internal/auth/gerrit/config_test.go enterprise/cmd/frontend/internal/auth/githuboauth/BUILD.bazel enterprise/cmd/frontend/internal/auth/githuboauth/config.go enterprise/cmd/frontend/internal/auth/githuboauth/config_test.go enterprise/cmd/frontend/internal/auth/gitlaboauth/BUILD.bazel enterprise/cmd/frontend/internal/auth/gitlaboauth/config.go enterprise/cmd/frontend/internal/auth/gitlaboauth/config_test.go

[sourcegraph-bot]

📖 Storybook live preview

[sashaostrikov]

LGTM! Left some comments, none of them are critical

[sashaostrikov]

Nice try, Mr. Array.

Suggested change

	let accountMap = accumulator[account.serviceID] ?? []
	accountMap.push(account)
	accumulator[account.serviceID] = accountMap
	let accountArray = accumulator[account.serviceID] ?? []
	accountArray.push(account)
	accumulator[account.serviceID] = accountArray

[pjlast]

And I would have gotten away with it too, if it weren't for that meddling kid! - Mr. Array, probably