Preserve URL fragment across sign-in and sign-up redirects

What does this MR do?

This allows links to a specific line in a private project's file to work by preserving the line number fragment across sign-in and sign-up redirects. This fix should also work for any other links containing a fragment id.

The fragment from the initial, unauthenticated request is automatically applied to the sign-in page by the browser after redirecting for authentication.

• For form based providers (Standard, LDAP) and the sign-up form, this MR appends the fragment to the form's action. This prompts the browser to re-apply the fragment to the page loaded after submitting the form and getting a redirect response.

• For button based providers (OAuth 2, SAML 2), this MR appends the fragment to the button's href in a redirect_fragment query parameter. OmniAuth saves this parameter in env['omniauth.params'] before redirecting to the provider. When the provider calls back after successful authentication, this MR appends the saved redirect_fragment to the redirect URL already stored in the session by Devise.

Are there points in the code the reviewer needs to double check?

• I've added a chunk of script to the devise/sessions/new.html.haml view. The script is in ES 5 syntax because it isn't getting transpiled. I suspect this should be externalized because of its size and so it can be written in ES 2015 syntax. I had trouble adding this to a new file in assets/javascripts and making a function available to new.html.haml. I could use some guidance here.

• This solution relies on the browser to:

  • Re-apply URL fragments on redirected pages, when the URL resulting in the redirect included a URL fragment
  • Support redirects with a URL fragment in the location

I've tested this successfully with the browsers I have available locally: current versions of Chrome, Safari, and Firefox, as well as IE 11

Why was this MR needed?

A URL fragment identifier (aka anchor ref) is used to identify the line number in the file. (e.g. http://localhost:3000/twitter/flight/blob/master/index.js#L9) The line number fragment was getting lost after redirecting to the originally requested URL following authentication. Browsers do not transfer the fragment identifier to the server, so the fragment identifier is not captured when Devise stores the originally requested URL in the session.

Screenshots (if relevant)

Does this MR meet the acceptance criteria?

• Changelog entry added, if necessary
• Documentation created/updated
• API support added
• Tests added for this feature/bug
• Conform by the code review guidelines
  • Has been reviewed by a UX Designer
  • Has been reviewed by a Frontend maintainer
  • Has been reviewed by a Backend maintainer
  • Has been reviewed by a Database specialist
• Conform by the merge request performance guides
• Conform by the style guides
• If you have multiple commits, please combine them into a few logically organized commits by squashing them
• Internationalization required/considered
• End-to-end tests pass (package-and-qa manual pipeline job)

What are the relevant issue numbers?

Fixes #32584 (moved)

@ClemMakesApps, this is my first MR for GitLab. Any coaching you can give is appreciated.