
Plan for deprecating and removing unmaintained OmniAuth gems

Background

From https://gitlab.com/gitlab-org/gitlab/-/issues/30073, we have a number of OmniAuth gems that have gone unmaintained. It's not clear to me if anyone is using these, and it's a security risk to support gems that haven't been updated in a while:

  • omniauth-azure-oauth2 - DEPRECATED, replaced by omniauth-azure-activedirectory-v2
  • omniauth-cas3 - upstream not ready
  • omniauth_crowd
  • omniauth-shibboleth

I wonder if we should:

  1. Add a warning that these will go away, and point people to this issue to comment.
  2. Remove these entirely in GitLab 16.0.

We use omniauth-salesforce today, so I've asked the maintainer if we can just transfer maintainership to the main OmniAuth group: https://github.com/realdoug/omniauth-salesforce/pull/32#issuecomment-1164680551

Plan

2 epics have been created:

  1. Deprecations and Breaking Changes for 16.0 - deprecation/removal of cas3 and crowd in here. @hsutor will take care of the deprecation announcement.

  2. Future Deprecation and Removal Candidates - I put omniauth-shibboleth and omniauth-azure-oauth2 here for now. Should we decide we want to tackle these in %16.0, we can pull them into the %16.0 specific epic.

The two in the "Future" epic both have some usage left and I want to look harder at implications before we deprecate/remove, so I am not nominating them for %16.0 at this time.

Edited by Hannah Sutor