This repository was archived by the owner on Sep 30, 2024. It is now read-only.

[gitlab] Support custom GitLab SSO sign-on URLs #54957

Merged: pjlast merged 6 commits into main from pjlast/gitlab-sso-redirect on Jul 18, 2023

@pjlast pjlast commented Jul 14, 2023

Closes #50879

Adds a new Auth provider configuration option for GitLab auth providers, ssoURL. This is an optional URL that points to a GitLab group's SSO sign-in page, and adds the regular OAuth URL as a redirect parameter. So users will first sign in to GitLab using their SSO, then it will redirect them to the normal OAuth flow.

GitLab's normal OAuth flow for groups that have SSO enabled is broken, and users will be redirected to the normal GitLab sign-in page where they have to provide a username and password, which they don't have, because they use SSO.

Imagine the following scenario:

  • You work for a company, SecretOrg
  • Your code is stored on GitLab, and your SecretOrg group uses SAML/SSO for signing in
  • SecretOrg uses Sourcegraph, because SecretOrg is awesome
  • You try to sign into Sourcegraph using the GitLab OAuth app that is configured for SecretOrg
  • You get directed to https://gitlab.com/users/sign_in before you can authorise the OAuth app, and it asks for a username and password
  • You don't have a username and password? You use SAML/SSO! What now!?
  • You go back to Sourcegraph
  • You open GitLab in a new tab, navigate to your GitLab group and sign in via SAML/SSO
  • Then you go back to Sourcegraph, try to sign in again now that you have an active GitLab session, and it works

This is super annoying, and it's not intuitive how to solve this yourself unless you've been through this before.

Test plan

Add unit test for new handler
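
The redirect construction outlined in the description above, as an added example that is not code from this pull request or from Sourcegraph. The helper name `buildSSORedirect`, the query parameter name `redirect`, the https and same-host checks, and the sample URLs are all assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// buildSSORedirect is a hypothetical helper, not Sourcegraph's handler. It wraps
// the normal OAuth authorize URL inside the configured ssoURL so the user signs
// in via SSO first. The parameter name "redirect" is an assumption.
func buildSSORedirect(ssoURL, oauthURL string) (string, error) {
	sso, err := url.Parse(ssoURL)
	if err != nil {
		return "", fmt.Errorf("parse ssoURL: %w", err)
	}
	oauth, err := url.Parse(oauthURL)
	if err != nil {
		return "", fmt.Errorf("parse OAuth URL: %w", err)
	}
	// Reject plaintext or relative values: the OAuth request parameters travel in this URL.
	if sso.Scheme != "https" || oauth.Scheme != "https" || sso.Host == "" {
		return "", errors.New("ssoURL and OAuth URL must be absolute https URLs")
	}
	// The SSO page must live on the same GitLab host as the OAuth endpoint, so
	// the value handed over can be a host-relative path, not a full URL.
	if !strings.EqualFold(sso.Host, oauth.Host) {
		return "", errors.New("ssoURL host differs from the OAuth provider host")
	}
	q := sso.Query() // keeps parameters already on ssoURL, e.g. a group token
	q.Set("redirect", oauth.RequestURI())
	sso.RawQuery = q.Encode()
	return sso.String(), nil
}

func main() {
	// Constructed sample values; group name, token and client_id are placeholders.
	sso := "https://gitlab.example.com/groups/secretorg/-/saml/sso?token=PLACEHOLDER"
	oauth := "https://gitlab.example.com/oauth/authorize?client_id=abc&state=xyz"
	out, err := buildSSORedirect(sso, oauth)
	fmt.Println(out, err)
}
```

Passing only the path and query of the OAuth URL keeps the post-login target on the host that served the SSO page, and a misconfigured `ssoURL` on another host is rejected before any redirect is issued.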

@cla-bot cla-bot Bot added the cla-signed label Jul 14, 2023
@pjlast pjlast requested a review from a team July 14, 2023 11:31
Comment thread schema/site.schema.json Outdated
@pjlast pjlast marked this pull request as ready for review July 14, 2023 12:07
sourcegraph-bot commented Jul 14, 2023

Codenotify: Notifying subscribers in CODENOTIFY files for diff 4ae7ee4...4ee4c96.

| Notify | File(s) |
| --- | --- |
| @sourcegraph/delivery | doc/admin/auth/index.md |
| @unknwon | enterprise/cmd/frontend/internal/auth/gitlaboauth/BUILD.bazel<br>enterprise/cmd/frontend/internal/auth/gitlaboauth/login.go<br>enterprise/cmd/frontend/internal/auth/gitlaboauth/login_test.go<br>enterprise/cmd/frontend/internal/auth/gitlaboauth/provider.go |

@kopancek kopancek left a comment

Nice, I like this approach 👍

@sashaostrikov sashaostrikov left a comment

LGTM!

@pjlast pjlast force-pushed the pjlast/gitlab-sso-redirect branch from 4d8c974 to 4305f52 Compare July 17, 2023 11:13
@pjlast pjlast merged commit b2c7b5a into main Jul 18, 2023
@pjlast pjlast deleted the pjlast/gitlab-sso-redirect branch July 18, 2023 14:57
github-actions Bot pushed a commit that referenced this pull request Jul 18, 2023

Development

Successfully merging this pull request may close these issues.

Configure SSO redirect URL
