Sign in to GitLab.com (and other large instances) via single sign-in to arbitrary GitLab instances

Description

Consider the sign in page for GitLab.com:

Screenshot_from_2018-06-02_12-25-24

GitLab has single sign-on support from another GitLab instance via omniauth, but you can only integrate against a single GitLab instance, which must be specified at instance configuration time by the administrator. There's no way for someone running their own GitLab instance to use it to sign in to GitLab.com, or to allow a network of equal GitLab instances to seamlessly interoperate (as opposed to a network of satellites around GitLab.com).

Proposal

Introduce an identity method that allows the authoritative GitLab server to be determined at runtime. "Sign in from your own GitLab instance", or some such.

This fills a peculiar gap in our existing authentication and is an important step in bringing public non-GitLab.com instances to parity with GitLab.com itself. Its privileged position in terms of being an authentication source is a network effect we can mitigate.

It's also an important enhancement to various "federated GitLab" proposals such as https://gitlab.com/gitlab-org/gitlab-ee/issues/4517 and https://gitlab.com/gitlab-org/gitlab-ce/issues/4013

Links / references

/cc @jramsay