Upgrade terraform aws provider to >= 4.59.0 to get the latest version available in github actions
Create a module /infra/modules/email to manage AWS SES and invoke it /infra/app/app-email
Create a module /infra/modules/cognito to manage AWS Cognito
Invoke cognito module in /infra/app/env-template to set up a cognito user pool and user pool client per environment
Update participant database schema and create database migration to add a staff_users table to associate cognito user UUIDs with local agency UUIDs
Update staff .env.example, docker-compose.yml, and lowdefy.yml with the secrets that lowdefy requires to connect to an OpenID Connect provider
Add a login page to the staff portal and wire up the logout button to actually work
Filter the records shown in the staff portal by the local agency of the logged-in user and add the name of the local agency to the top of the page
Context for reviewers
This PR covers the following flow:
A user can access the staff portal login page
They can click a login button to be redirected to the hosted aws cognito user pool client
They can fill in credentials for a manually created aws cognito account
They will be redirected to the staff portal recertifications page
The page should load, but will show no records because the user hasn't been associated with an existing local agency yet
This PR does not cover:
Converting deployment of the staff portal from ECS to lambda
Automating the creation of users in cognito
Adding user records to the database
Testing
It was proving challenging to set up a mock OIDC server to test against, so I moved that work into a new ticket: https://wicmtdp.atlassian.net/browse/PRP-282. This PR covers very basic testing of just the login page.
Ticket
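As an added example (not code from this PR or the project), a Python/sqlite sketch of the staff_users association and the per-agency filtering described above, including the case in the flow where a Cognito user who has not yet been linked to a local agency sees no records. Table and column names, the `cognito_user_id`/`local_agency_id` columns, and the sample rows are assumptions constructed here, not the PR's actual migration.

```python
import sqlite3

# Assumed schema, not the PR's migration: staff_users maps the Cognito
# user's 'sub' claim (a UUID) to a local agency UUID.
SCHEMA = """
CREATE TABLE local_agencies (id TEXT PRIMARY KEY, name TEXT NOT NULL);
CREATE TABLE staff_users (
    cognito_user_id TEXT PRIMARY KEY,
    local_agency_id TEXT NOT NULL REFERENCES local_agencies(id));
CREATE TABLE recertifications (
    id TEXT PRIMARY KEY,
    local_agency_id TEXT NOT NULL REFERENCES local_agencies(id),
    participant_name TEXT NOT NULL);
"""

# Constructed sample identifiers (not real UUIDs from any environment).
AGENCY_A = "11111111-1111-4111-8111-111111111111"
AGENCY_B = "22222222-2222-4222-8222-222222222222"
LINKED_SUB = "aaaaaaaa-aaaa-4aaa-8aaa-aaaaaaaaaaaa"    # has a staff_users row
UNLINKED_SUB = "bbbbbbbb-bbbb-4bbb-8bbb-bbbbbbbbbbbb"  # manually created, not yet linked


def open_demo_db() -> sqlite3.Connection:
    """Build an in-memory database with constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO local_agencies VALUES (?, ?)",
                     [(AGENCY_A, "Agency A"), (AGENCY_B, "Agency B")])
    conn.executemany("INSERT INTO recertifications VALUES (?, ?, ?)",
                     [("r1", AGENCY_A, "Alice"), ("r2", AGENCY_A, "Bob"),
                      ("r3", AGENCY_B, "Carol")])
    conn.execute("INSERT INTO staff_users VALUES (?, ?)", (LINKED_SUB, AGENCY_A))
    return conn


def agency_for_user(conn: sqlite3.Connection, cognito_sub: str):
    """Resolve the logged-in user's agency from the token subject alone."""
    row = conn.execute(
        "SELECT a.id, a.name FROM staff_users s "
        "JOIN local_agencies a ON a.id = s.local_agency_id "
        "WHERE s.cognito_user_id = ?", (cognito_sub,)).fetchone()
    return None if row is None else {"id": row[0], "name": row[1]}


def recertifications_for_user(conn: sqlite3.Connection, cognito_sub: str) -> dict:
    """Agency name for the page header plus only that agency's records.
    The filter key comes from the server-side lookup, never from the client;
    an unlinked user gets an empty list rather than all records."""
    agency = agency_for_user(conn, cognito_sub)
    if agency is None:
        return {"agency_name": None, "records": []}
    rows = conn.execute(
        "SELECT id, participant_name FROM recertifications "
        "WHERE local_agency_id = ? ORDER BY id", (agency["id"],)).fetchall()
    return {"agency_name": agency["name"],
            "records": [{"id": r[0], "participant_name": r[1]} for r in rows]}
```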