cilogon / access-identity

ACCESS Identity Management
https://identity.access-ci.org/
Apache License 2.0
Streamlined handling for merged accounts #20

Closed by jbasney 2 months ago

jbasney commented 2 years ago

When duplicate accounts are merged in the ACCESS User DB, one or more accounts will be marked as "duplicate". As part of its nightly update, COmanage should pass a flag ("?include-merged=1") to the User API and check for records with "duplicate" status. For those user records, COmanage should (automatically):

  1. Set the COmanage status to DUPLICATE for that record.
  2. Unlink any OrgIDs (federated identities) linked to that record.
  3. Lock the corresponding Kerberos principal.

With the above process in place, account merges can be performed by Track 1 without any manual action required by Track 3.

terrencegf commented 2 months ago

Terry and the rest of the ACCESS security team have access to https://xacct-admin.access-ci.org/merge_people . Terry documented the process of handling duplicate accounts at https://github.com/access-ci-org/access-user-management/tree/main/merge .