LDAP and SSO auth endpoints

Daniel Gerhardt requested to merge ldap-and-sso-auth-endpoints into master

This MR adds LDAP and SSO login support for the new API and fixes SSO login for API v2. We now have three endpoints, one for each provider type:

  • ANONYMOUS:
    POST /auth/login/guest (generates guest token)
  • USERNAME_PASSWORD (registered, ldap):
    POST /auth/login/{providerId} (handles login, expects credentials as payload)
  • SSO (oidc, cas, ...):
    GET /auth/login/{providerId} (redirects to SSO)

SSO workflow

  1. Frontend opens /auth/login/{providerId} in a browser popup and waits for the popup to be closed.
  2. In the popup the browser is redirected to the SSO's login page.
  3. After successful authentication, the SSO redirects to our API's callback endpoint: /auth/callback/[...].
  4. If the backend successfully verifies authentication, a browser cookie with a temporary JWT is set and the popup is closed.
  5. Frontend tries to retrieve authentication: POST /auth/login.

Decisions

  • Popup: With a popup, the frontend app doesn't have to be restarted.
  • Cookie: Because the API's callback isn't directly called by the frontend, it doesn't have access to the response. I found three options to pass authentication to the frontend: via URL (query param/fragment identifier), JavaScript in the callback response or a short lived cookie. The cookie is easy to implement and doesn't require any knowledge about the frontend on the backend side.
Edited by Daniel Gerhardt