Updated authorization flow

Updated authorization flow. Intention is that both project admins and subjects are able to register their REST account with the rest source authorizer. A setup with a token state is used to allow state to be persisted between starting registration and finishing it. If it turns out that this is not feasible, the state could be persisted in the session storage instead.

[x] created API
[x] frontend flow
- [x] add Link new account button on the main page.
- [x] on the new registration page, add button to either authorize or create a registration link
- [x] create a page that recognises token and secret parameters that forms a welcome page for a subject
- [x] create a page that thanks the subject for finishing registration or warn them of errors
- [x] add registration action to each row of a user that is unauthorised, so unauthorised users can be re-authorized.

The API can be used as follows:

press create user
select source type, project, user ID, start date, end date

request POST <backend url>/users with contents

interface RestSourceUserRequest {
    projectId: String
    userId: String
    startDate: Instant
    endDate?: Instant
    sourceType: String
}

which will have response (for user 1)

HTTP 201 Created
Location: <backend url>/users/1

interface RestSourceUserResponse {
    id: String
    projectId: String
    userId: String
    sourceId: String
    startDate: Instant
    endDate?: Instant
    sourceType: String
    createdAt: Instant
    humanReadableUserId: String
    externalId: String
    serviceUserId?: String
    isAuthorized: Boolean
    timesReset: Int
    version: String
}

After the user has been created, an account registration request can be created at POST <backend url>/registrations with contents

 interface RegistrationCreateRequest {
     userId: String  // matches RestSourceUserResponse.id
     persistent?: Boolean  // set to true to get a long-living token
 }

with response (for token abcdef)

HTTP 201 Created
Location: <backend url>/registrations/abcdef

 interface RegistrationResponse {
     token: String
     secret?: String  // only defined if the registration is persistent
     userId: String
     authEndpointUrl?: String  // only defined if the registration is not persistent
     expiresAt: Instant
     persistent: Boolean
 }

The token and secret can be used in a frontend URL to pass to the backend at a later time, or the authEndpointUrl can used immediately.
- If the user created a persistent token, the authEndpointUrl can be retrieved with a request to POST <backend url>/registrations/<token> with contents
```
interface RegistrationRequest {
    secret: String
}
```
  and it will return the authorization URL to be used:
```
interface RegistrationResponse {
    token: String
    userId: String
    authEndpointUrl: String
    expiresAt: Instant
    persistent: Boolean
}
```
When the user is authorized, they will be redirected to <frontend url>/users:new with a number of query parameters, including the state parameter. To finalize the authentication procedure, call POST <backend url>/registrations/<state>/authorize with contents. Alternatively, if the external service does not provide the state back, store the token in session storage and use that instead.
```
interface AuthorizeRequest {
    code?: String
    oauth_token?: String
    oauth_verifier?: String
    oauth_token_secret?: String
}
```
with response
```
HTTP 201 Created
Location: <backend url>/source-clients/<sourceType>/authorization/<serviceUserId>
```
```
interface RegistrationResponse {
     token: String
     userId: String
     expiresAt: Instant
     persistent: Boolean
}
```
- If the response indicated that the token was persistent, the user that can simply be thanked for entering their user details.
- Otherwise, the user can be redirected to the list of users.
- In both cases, the registration is now removed.

RADAR-base / RADAR-Rest-Source-Auth

Updated authorization flow #147