Implement OmniAuth provider support for Organization Login in Protocells
Problem Statement
Without any changes, when users who have been migrated to Protocells click an OmniAuth provider (Google, GitHub, etc.) on the global GitLab.com sign-in page, they will encounter 422 errors because their accounts no longer exist in the local database: they have been moved to their organization's cell.
Proposed Solution
Prior discussion can be found here. Implement graceful handling of OmniAuth callbacks for Protocell users by extending the existing Topology Service classification logic to work with OmniAuth flows.
User Experience Flow Proposal
User clicks Google on gitlab.com/users/sign_in
↓
OmniAuth provider authentication completes
↓
Callback to GitLab - user not found in local DB
↓
Query Topology Service with email from OAuth response
↓
Redirect to gitlab.com/o/acme-corp/users/sign_in with:
- Pre-filled email from OAuth provider
- Organization branding/context
- Error message: "Please sign in with your password or organization SSO"
- Relevant auth options for that organization
This implementation provides a seamless transition for OmniAuth users moved to Protocells while maintaining backward compatibility and setting the foundation for future organization-specific authentication features.
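The decision made at the callback step of the flow above can be sketched as follows. This is an added example, not GitLab code and not part of the original proposal: `FakeTopologyService`, `classify_email`, `protocell_redirect`, the `email_verified` flag and the slug pattern are all hypothetical, and carrying the pre-filled email outside the URL is an assumption.

```ruby
# Added sketch, not GitLab code. Every name below is hypothetical.

# Assumed organization path format; anything else is rejected.
ORG_PATH = /\A[a-z0-9][a-z0-9_-]{0,62}\z/

# Stand-in for the Topology Service lookup: email -> organization path.
class FakeTopologyService
  def initialize(table)
    @table = table # constructed sample data
  end

  def classify_email(email)
    @table[email.downcase]
  end
end

# Decide what the OmniAuth callback does when the local lookup fails.
# auth follows the OmniAuth auth hash shape: auth["info"]["email"].
# email_verified is an assumed flag the caller derives from the provider.
def protocell_redirect(auth, email_verified:, local_user_exists:, topology:)
  return { action: :sign_in } if local_user_exists

  email = auth.dig("info", "email").to_s.strip
  # Classify only on an address the provider has verified; otherwise the
  # redirect discloses which organization an arbitrary address belongs to.
  return { action: :generic_error } if email.empty? || !email_verified

  org = topology.classify_email(email)
  # Treat the service response as untrusted before it reaches a URL:
  # a strict pattern plus a relative path rules out an off-site redirect.
  unless org.is_a?(String) && org.match?(ORG_PATH)
    return { action: :generic_error }
  end

  { action: :redirect,
    location: "/o/#{org}/users/sign_in",
    # Passed server-side (session or flash) rather than as a query
    # parameter, so the address stays out of access logs and Referer.
    prefill_email: email,
    notice: "Please sign in with your password or organization SSO" }
end
```

Unknown, unverified and malformed cases all return the same `:generic_error` result, so the response does not distinguish "no such account" from "account lives in another cell" for an unverified address.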
UX proposal
Edited by Adil Farrukh