Add machine accounts

[barreiro]

Adds a machine user role.

There is a bit of mismatch as it's presented in the UI as a team role, so that it can be managed by team managers.

Fixes #1702 .

[barreiro]

added test case

[johnaohara]

This PR makes changes to the UI, please can we add/modify the docs?

[barreiro]

Added section to the docs with a couple screenshots :grinning:

[johnaohara]

There is a bit of mismatch as it's presented in the UI as a team role, so that it can be managed by team managers.

I think this confuses the role logic and UI slightly, in that "Machine Account" is a "User Role", whereas we are presenting is as a "Team Role", which;

1. Means that machine accounts can be re-used / managed by multiple teams - i.e. think password reset
2. Couples the logic between user roles & team roles.

I think the logic would be simpler, we could guard against re-use and the UI would be more intuitive if under the "Machine Accounts" Tab, we have a "New Account" button that created a new "Machine Account" for a particular team

[barreiro]

I have revamped this PR after your comments, with the goal of improving UX.

1. Accounts are created and managed in the Machine Accounts tab and in there only.
2. They are not displayed in the UI as users and their roles are not mutable.
3. Because of the way they are created and managed, they are only associated with a single team.
4. Same behavior for both keycloak and database backends, meaning that machine accounts can be consistently created in different scenarios (keycloak, database or external OIDC provider).
5. Test cases now cover both backends, and ensure that these accounts can log in with Basic authentication in both cases.

When migrating between versions, this feature requires that a new machine base role is created in keycloak.

[johnaohara]

@barreiro this looks good, final question, how do users remove team accounts?

[barreiro]

@johnaohara that is another feature we need to add, not only for machine accounts but for user accounts as well.