Allow sign-in providers for permissions use only

[pjlast]

Closes #60615

The check that determines whether or not to auto-redirect to the auth provider does not take into account whether or not the auth provider is marked as hidden or not.

This PR fixes that so that if an auth provider his hidden, it is not factored into the decision of whether or not the user should be auto-redirected to the auth provider.

So now, if you have two auth providers configured:

{
  "auth.providers": [
    {
      "type": "github",
      "hidden": true
    },
    {
      "type": "gitlab"
    }
  ]
}

you would be auto-redirected to the GitLab sign-in page when visting /sign-in on Sourcegraph

Furthermore, this PR also adds a new config option, noSignIn, that allows an auth provider to be only hidden from the sign-in page (hidden hides it from the sign-in and account security page).

Test plan

Existing tests pass.

[eseliger]

This should probably apply to all provider types, not just OAuth

[pjlast]

@eseliger the non-OAuth checks are handled in their own middleware, like for SAML: https://sourcegraph.com/github.com/sourcegraph/sourcegraph@8ab60e39b0f9e31dd82886bde7e3f5516252d462/-/blob/cmd/frontend/internal/auth/saml/middleware.go?L60-72

[eseliger]

aha! that's interesting(read: a little confusing), but also probably fine :D

[eseliger]

I think we'd want to add that to the jscontext type definition on the JS side, to stay consistent.

[pjlast]

Ah sorry, this was WIP, should have marked it as draft again

[sourcegraph-bot]

📖 Storybook live preview