feat: provision group membership based on userinfo #325

Open
bcskda wants to merge 1 commit into owncloud:master from bcskda:master

@bcskda bcskda commented Sep 29, 2024

Description

Autoprovision groups based on userinfo

Adds a new auto-provision.groups-claim config parameter - the claim which holds the list of user's group IDs.
If set, change user's group membership accordingly. If not set, keep current behavior.
Unknown groups are ignored.

Related Issue

Motivation and Context

External group/role management via OIDC is widely used, but currently lacking in ownCloud.

How Has This Been Tested?

  • test environment: ~100 users installation (with modified unsigned oidc module), Keycloak 21+ for IdP
  • test case 1: add user to known Keycloak realm groups; login; check ownCloud group membership
  • test case 2: re-login; check group membership persists
  • test case 3: remove user from some Keycloak realm groups; re-login; check ownCloud group membership

Screenshots (if appropriate):

None

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Technical debt
  • Tests

Checklist:

  • Code changes
  • Unit tests added
  • Acceptance tests added
  • Documentation ticket raised:

Open tasks:

  • ...
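
The semantics stated in the description above (the claim holds the user's group IDs, unknown groups are ignored, an unset parameter keeps current behavior), as an added Python example that is not code from this PR or from ownCloud. The name `plan_group_sync`, the sample data and two behaviors are assumptions: a configured but missing or malformed claim raises instead of syncing, and groups absent from the claim are removed, as test case 3 suggests.

```python
from typing import Any, Mapping, Optional, Set, Tuple

GroupPlan = Tuple[Set[str], Set[str]]  # (groups to add, groups to remove)


def plan_group_sync(
    userinfo: Mapping[str, Any],
    groups_claim: Optional[str],
    known_groups: Set[str],
    current_groups: Set[str],
) -> Optional[GroupPlan]:
    """Compute membership changes from an OIDC userinfo response.

    Returns None when the groups claim is not configured, so membership
    is left untouched. Raises ValueError when the claim is configured but
    missing or malformed (assumption: refuse to sync rather than guess).
    """
    if not groups_claim:
        return None  # parameter not set: keep current behavior

    if groups_claim not in userinfo:
        raise ValueError(f"claim {groups_claim!r} missing from userinfo")

    value = userinfo[groups_claim]
    # A bare string would otherwise be iterated character by character.
    if not isinstance(value, list) or not all(isinstance(g, str) for g in value):
        raise ValueError(f"claim {groups_claim!r} is not a list of group IDs")

    # Unknown groups are ignored: nothing is created from IdP-supplied names.
    desired = set(value) & known_groups
    return desired - current_groups, current_groups - desired


# Constructed sample data (not taken from the PR).
KNOWN = {"staff", "finance", "admin"}
USERINFO = {"sub": "alice", "groups": ["staff", "finance", "contractors"]}

if __name__ == "__main__":
    # "contractors" is unknown and ignored; "admin" is dropped because the
    # claim no longer lists it.
    print(plan_group_sync(USERINFO, "groups", KNOWN, {"staff", "admin"}))
    print(plan_group_sync(USERINFO, None, KNOWN, {"staff", "admin"}))
```

With the claim treated as authoritative, any locally assigned group the IdP does not list is removed on the next login, which is worth checking for administrative groups before enabling such a sync.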

CLAassistant commented Sep 29, 2024

CLA assistant check
All committers have signed the CLA.

@DeepDiver1975 (Member)

Looks like the coding style is not respected and please add tests for this. THX

messi89 commented Mar 4, 2026

Any news about this PR?

bcskda (Author) commented Mar 7, 2026

I definitely lack qualification to proceed on this, so we'll probably keep using this as a downstream patch.
To anyone willing to follow the same path: keep in mind this is a security-related change which hasn't been positively reviewed by maintainers, so exercise caution (also the unsigned apps issue).

Development

Successfully merging this pull request may close these issues.

[FR] Autoprovision groups based on userinfo
