
Draft: Make the sylva-admin user in keycloak a principal of the Rancher admin account

Alain Thioliere requested to merge ath/rancher-admin-user into main

What does this MR do and why?

The normal procedure to integrate Rancher with Keycloak is via the GUI. Once the Keycloak parameters are filled in, the page to connect to Keycloak pops up, the user fills in the credentials (e.g. sylva-admin + password), and the configuration completes. A part of this configuration is that the Keycloak ID of the provided credentials is assigned to the admin user. The result is that the local admin user and the Keycloak sylva-admin user are the same user from Rancher's perspective. In particular, sylva-admin has the Administrator role.

We integrate Rancher via an authConfig resource, which doesn't involve the full procedure of providing user credentials. As a consequence, the sylva-admin user is seen as a user independent from the admin user, and has a standard user role (the fact that he belongs to the infra-admins group does grant him an Administrator role, but this can be confusing in the GUI).

This MR reconfigures the User resource of the local admin user to add to it the Keycloak ID of the sylva-admin user. When connecting as sylva-admin, the admin user is seen as using the Keycloak provider, and he clearly has a global Administrator role.

Related reference(s)

Test coverage

Manual verification:

  • connect as sylva-admin
  • check that the admin user comes from Keycloak (see attached screenshot)
  • check that it is still possible to connect to rancher with the local admin account
