Alias GitHub/Bitbucket Cloud OAuth2 callback URLs to prevent covert redirections

From https://gitlab.com/gitlab-com/gl-infra/production/issues/662, we have an issue where we can't securely share the same OAuth2 application among GitHub logins and imports because the callback URLs are different:

  • /users/auth/github/callback
  • /import/github/callback

The same goes for Bitbucket.

Either we have to put these callbacks under the same URL structure (e.g. /callbacks/oauth/github/ for /callbacks/oauth/github/import and /callbacks/oauth/github/login), or we have to split the OAuth2 credentials into 2 different applications.

On the infra side, it should be possible to use a separate subdomain (e.g. oauth.gitlab.com) to handle all OAuth2 callbacks, but that seems like a separate issue.
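As an added illustration (not code from this issue or from GitLab), the Ruby below shows both halves of the problem: the narrowest callback prefix a provider with prefix-style callback matching would have to be registered with to cover a set of callback paths, and a strict, segment-aware redirect URI check that accepts only paths at or under the registered callback. The function names and the sample URLs are assumptions for the example.

```ruby
require 'uri'

# Narrowest common path prefix (whole '/'-delimited segments) of several
# callback paths. If one OAuth2 application must serve all of them under
# prefix matching, this is the callback URL that would have to be registered.
def common_callback_prefix(paths)
  segs = paths.map { |p| p.split('/').reject(&:empty?) }
  shared = segs.first.take_while.with_index { |seg, i| segs.all? { |s| s[i] == seg } }
  '/' + shared.join('/')
end

# Strict check of a redirect_uri against a registered callback URL:
# scheme, host and port must match exactly, fragments are rejected
# (RFC 6749 forbids them on the redirection endpoint), and the path must be
# the registered path itself or a segment-delimited child of it, so
# "/callbacks/oauth/github-other" is not accepted for "/callbacks/oauth/github".
def redirect_allowed?(registered, candidate)
  reg  = URI.parse(registered)
  cand = URI.parse(candidate)
  return false unless reg.scheme == cand.scheme
  return false unless reg.host == cand.host && reg.port == cand.port
  return false unless cand.fragment.nil?

  reg_path  = reg.path.chomp('/')
  cand_path = cand.path.chomp('/')
  cand_path == reg_path || cand_path.start_with?(reg_path + '/')
rescue URI::InvalidURIError
  false
end

# Constructed sample: the two current GitHub callbacks only share "/",
# i.e. a shared application would have to accept redirects to the whole site;
# the proposed layout narrows the shared prefix to one dedicated path.
CURRENT_CALLBACKS  = ['/users/auth/github/callback', '/import/github/callback'].freeze
PROPOSED_CALLBACKS = ['/callbacks/oauth/github/login', '/callbacks/oauth/github/import'].freeze
```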

Edited by Stan Hu