Reworking admin login mechanism
We currently use gitlab to authorise admins (using a gitlab group) but doesn't quite work anymore as gitlab limited the number of participants in such groups to 5 people so we can't add anyone else ( https://gitlab.com/openid-conformance-suite-admins ).
But someone at gitlab told me they now expose more in their id tokens and we might be able to give people admin access based on their role in the main gitlab group, https://gitlab.com/openid/ - where we don't have the 5 people limit. It seems like it's the info available from the user info endpoint, in particular https://gitlab.org/claims/groups/owner
or perhaps maintainer
as per https://docs.gitlab.com/ee/integration/openid_connect_provider.html