@MaienM MaienM commented Sep 13, 2024

What does this PR do and why is it necessary?

This extends the existing functionality to automatically manage the users based on headers provided by an auth proxy in front of OctoPrint to include group management. This allows one to use an external source of users with varying levels of access.

By configuring a header that contains a comma-separated list of groups, and optionally a mapping of the names in this list to the names of the matching OctoPrint groups (in case these don't match), this will manage the list of groups that a user belongs to.

How was it tested? How can it be tested by the reviewer?

I've mostly tested this by configuring it to look at the groups header that OAuth2 Proxy sends. (Note that it doesn't include this header by default; the --set-xauthrequest flag enables this.) It can also be tested by simply including these headers in a manual request.

Example configuration:

accessControl:
  trustRemoteUser: true
  addRemoteUsers: true
  remoteUserHeader: 'X-Auth-Request-Preferred-Username'
  remoteGroupsHeader: 'X-Auth-Request-Groups'
  remoteGroupsMapping:
    foo: readonly
    bar: users

This can be tested by performing a login request with e.g. curl:

curl 'http://127.0.0.1:8083/api/login?passive' -X POST -H 'X-Auth-Request-Preferred-Username: testuser' -H 'X-Auth-Request-Groups: foo,bar'

In the output of this request it can be observed that the user is in the readonly and users groups. (Most fields have been omitted from this output for the sake of brevity.)

{
  "name": "testuser",
  "groups": [
    "readonly",
    "users"
  ]
}

Repeating the request with one of the groups removed will result in the user also losing said group:

curl 'http://127.0.0.1:8083/api/login?passive' -X POST -H 'X-Auth-Request-Preferred-Username: testuser' -H 'X-Auth-Request-Groups: foo'
{
  "name": "testuser",
  "groups": [
    "readonly"
  ]
}

Any background context you want to provide?

No.

What are the relevant tickets if any?

None that I am aware of.

Screenshots (if appropriate)

N/A.

Further notes

N/A.
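
The header-to-group sync described in this PR, as an added example that is not part of the PR and not OctoPrint's own code: it parses the comma-separated header, applies the mapping, and reports which groups a login adds and removes. The function names and the `KNOWN` group set are hypothetical, and the handling of unmapped names (used unchanged) and of names with no matching local group (rejected) is an assumption.

```python
"""Sketch of header-driven group sync (added example, not OctoPrint's code)."""


def parse_groups_header(value):
    """Split a comma-separated groups header into trimmed, non-empty names."""
    if not value:
        return []
    return [part.strip() for part in value.split(",") if part.strip()]


def resolve_groups(header_value, mapping, known_groups):
    """Map remote group names to local ones; return (accepted, rejected).

    Assumption: a name absent from the mapping is used unchanged, and a name
    that matches no local group is rejected rather than created.
    """
    accepted, rejected = set(), set()
    for remote in parse_groups_header(header_value):
        local = mapping.get(remote, remote)
        (accepted if local in known_groups else rejected).add(local)
    return accepted, rejected


def sync_user_groups(current, header_value, mapping, known_groups):
    """Return (new_groups, added, removed) so every change can be logged."""
    target, _ = resolve_groups(header_value, mapping, known_groups)
    current = set(current)
    return target, target - current, current - target


# Constructed sample data mirroring the PR's example configuration.
MAPPING = {"foo": "readonly", "bar": "users"}
KNOWN = {"admins", "users", "readonly"}  # hypothetical local group set

if __name__ == "__main__":
    groups, added, removed = sync_user_groups([], "foo,bar", MAPPING, KNOWN)
    print(sorted(groups), sorted(added), sorted(removed))
    groups, added, removed = sync_user_groups(groups, "foo", MAPPING, KNOWN)
    print(sorted(groups), sorted(added), sorted(removed))
    # Under the pass-through assumption, a remote group that shares a name
    # with a local group is granted without any mapping entry.
    print(resolve_groups("admins, ghost", MAPPING, KNOWN))
```

Because the headers alone decide group membership, this model only holds when OctoPrint is reachable solely through the auth proxy and the proxy overwrites any client-supplied copies of these headers.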

@github-actions github-actions bot added the "targets dev" and "approved" labels Sep 13, 2024

@foosel foosel left a comment

Love it! Just one open point, see the comment below. Once that's done this can be merged!

@foosel foosel added the "needs some work" label Sep 16, 2024
@MaienM MaienM force-pushed the feature/remote-user-group-management branch from 27f1f0a to 771cac5 Compare September 16, 2024 15:57
@foosel foosel merged commit 2c47bbc into OctoPrint:maintenance Sep 16, 2024
27 checks passed
foosel commented Sep 16, 2024

Thank you! 👍 Merged and ready for 1.11.0!

@foosel foosel added this to the 1.11.0 milestone Jan 22, 2025