Add SAML 2.0 SSO.

Review Request #12254 — Created April 24, 2022 and submitted — Latest diff uploaded

Information

Review Board
release-5.0.x

Reviewers

This change adds SAML 2.0 support for single-sign-on authentication. It
includes a few major pieces:

  • Infrastructure for SSO backends including registry, configuration
    machinery, and URL registration.
  • Updates to settings forms to allow me to toggle some subforms based on
    a checkbox enabler rather than via drop-downs.
  • SAML 2.0 backend which includes configuration, login/logout, and user
    provisioning.

The vast majority of the settings available are specific to SAML,
including the various URLs and method settings. Because of some user
feedback we've already received, I've added a toggle to control the
behavior of user provisioning. In most cases, the person using this has
absolute trust in the integrity and correctness of their IdP, but in
some cases that may not be true. If the "username" parameter cannot
necessarily be trusted, there's an option to force existing users to log
in with their Review Board password at least once.

Testing was done with a test application on onelogin.com with the
relevant configuration to authenticate to my server on localhost.

  • Logged in with existing user that had a username match.
  • Logged in with user that had an email match and saw correct detection
    of the existing user.
  • Logged in with a user that had no existing match and saw provision
    screen. Proceeded and was logged in with a new user with correct
    name/email/etc.
  • Tested behavior of "require login" toggle.
  • Logged out from onelogin portal and saw GET request to the SLS
    endpoint which flushed the session and then redirected back to the
    onelogin login page.
  • Tested authentication configuration page, enabling/disabling settings,
    and making changes to settings. Tested behavior when the
    python3-saml package wasn't installed.
  • Tested text of button on login page, and that it redirected to the SSO
    login flow.
  • Ran unit tests.
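The account-matching behaviour exercised in the testing notes above (username match, then e-mail match, otherwise the provisioning screen, with the "require login" toggle gating the link to an existing account) as an added Python example. This is not Review Board's code: `UserStore`, `SamlLinker`, `LinkAction` and the in-memory store are this example's own names, and `attrs` stands in for values already extracted from a SAML assertion whose signature, audience and timestamps were verified earlier (that verification is out of scope here). The explicit `sso_name_id` link record is this example's way of making the password check a one-time step.

```python
"""Added example (not Review Board's code): the account-linking decision a SAML
backend makes after the IdP assertion has been verified. `attrs` holds values
already extracted from that assertion; UserStore/SamlLinker are this example's own names."""
from __future__ import annotations

import hashlib
import hmac
import os
from dataclasses import dataclass
from enum import Enum


class LinkAction(Enum):
    LOGIN = "login"                        # account trusted for SSO: log in now
    REQUIRE_PASSWORD = "require_password"  # existing account: prove local password first
    PROVISION = "provision"                # nothing matched: show the provisioning screen


@dataclass
class LocalUser:
    username: str
    email: str
    salt: bytes
    password_hash: bytes | None     # None for SSO-provisioned accounts (no usable password)
    sso_name_id: str | None = None  # IdP identity this account is linked to, once linked


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class UserStore:
    """In-memory stand-in for the application's user table (constructed for this example)."""

    def __init__(self) -> None:
        self._users: dict[str, LocalUser] = {}

    def add(self, username: str, email: str, password: str | None) -> LocalUser:
        salt = os.urandom(16)
        pw_hash = _hash_password(password, salt) if password is not None else None
        self._users[username] = LocalUser(username, email, salt, pw_hash)
        return self._users[username]

    def by_username(self, username: str) -> LocalUser | None:
        return self._users.get(username)

    def by_email(self, email: str) -> LocalUser | None:
        return next((u for u in self._users.values() if u.email.lower() == email.lower()), None)

    def by_sso_name_id(self, name_id: str) -> LocalUser | None:
        return next((u for u in self._users.values() if u.sso_name_id == name_id), None)


class SamlLinker:
    def __init__(self, store: UserStore, require_login_to_link: bool) -> None:
        self.store = store
        # The toggle from the change description: when the IdP's "username" value
        # cannot be fully trusted, an existing account is linked only after its
        # owner proves the local password once.
        self.require_login_to_link = require_login_to_link

    def resolve(self, attrs: dict[str, str]) -> tuple[LinkAction, LocalUser | None]:
        username, email = attrs["username"], attrs["email"]
        # 1. An account already linked to this IdP identity logs in directly;
        #    this is what makes the password check a one-time step.
        user = self.store.by_sso_name_id(username)
        if user is not None:
            return LinkAction.LOGIN, user
        # 2. Otherwise match by username, then by e-mail, as in the testing notes.
        user = self.store.by_username(username) or self.store.by_email(email)
        if user is None:
            return LinkAction.PROVISION, None
        if self.require_login_to_link:
            # Fail closed: an account with no usable password never passes this
            # step and stays unlinked until an admin sorts it out.
            return LinkAction.REQUIRE_PASSWORD, user
        # Admin trusts the IdP completely: link silently and log in. Whoever can
        # make the IdP assert this username or e-mail now controls the account.
        user.sso_name_id = username
        return LinkAction.LOGIN, user

    def link_with_password(self, user: LocalUser, attrs: dict[str, str], password: str) -> bool:
        """Complete the REQUIRE_PASSWORD step; True only on a correct local password."""
        if user.password_hash is None:
            return False
        if not hmac.compare_digest(user.password_hash, _hash_password(password, user.salt)):
            return False
        user.sso_name_id = attrs["username"]
        return True

    def provision(self, attrs: dict[str, str]) -> LocalUser:
        """Create the account confirmed on the provisioning screen; it has no local password."""
        if self.store.by_username(attrs["username"]) is not None:
            raise ValueError("username already taken; resolve() should have matched it")
        user = self.store.add(attrs["username"], attrs["email"], password=None)
        user.sso_name_id = attrs["username"]
        return user
```

The check a practitioner wants to make here is the `require_login_to_link=False` path: with it, anyone who can get the IdP to assert an existing local username or e-mail address logs straight into that local account, so it is only appropriate when the IdP and its attribute mappings are fully under the administrator's control. The e-mail match deserves the same scrutiny as the username match, since some IdPs let users edit their own e-mail address. Once a user has passed the one-time password step the link record, not the toggle, decides subsequent logins, and an account that has no usable password (for example one that was itself SSO-provisioned against a different IdP identity) is refused rather than silently linked.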

Diff Revision 4

This is not the most recent revision of the diff. The latest diff is revision 15.

Commits

Summary: [WIP] Add SAML 2.0 SSO.
ID: 580aaefd8444bbe4036e8e449530b45987bcea2b
Author: David Trowbridge

Commit message:

This is the preliminary change for adding SAML 2.0 authentication. It
includes a few major pieces:

  • Infrastructure for SSO backends including registry, configuration
    machinery, and URL registration.
  • Updates to settings forms to allow me to toggle some subforms based on
    a checkbox enabler rather than via drop-downs.
  • SAML 2.0 backend which includes configuration, login/logout, and user
    provisioning.

The vast majority of the settings available are specific to SAML,
including the various URLs and method settings. Because of some user
feedback we've already received, I've added a toggle to control the
behavior of user provisioning. In most cases, the person using this has
absolute trust in the integrity and correctness of their IdP, but in
some cases that may not be true. If the "username" parameter cannot
necessarily be trusted, there's an option to force existing users to log
in with their Review Board password at least once.

What's left to do:

  • "Login with SAML" button on the login screen.
  • Lots more unit testing.
  • Some refactoring of the link-user view to extract common functionality
    for other backends.
  • User/admin manual.

Testing Done:

Testing was done with a test application on onelogin.com with the
relevant configuration to authenticate to my server on localhost.

  • Logged in with existing user that had a username match.
  • Logged in with user that had an email match and saw correct detection
    of the existing user.
  • Logged in with a user that had no existing match and saw provision
    screen. Proceeded and was logged in with a new user with correct
    name/email/etc.
  • Tested behavior of "require login" toggle.
  • Logged out from onelogin portal and saw GET request to the SLS
    endpoint which flushed the session and then redirected back to the
    onelogin login page.
  • Tested authentication configuration page, enabling/disabling settings,
    and making changes to settings. Tested behavior when the
    `python3-saml` package wasn't installed.

Files:
setup.py
reviewboard/accounts/__init__.py
reviewboard/accounts/admin.py
reviewboard/accounts/models.py
reviewboard/accounts/urls.py
reviewboard/accounts/sso/__init__.py
reviewboard/accounts/sso/errors.py
reviewboard/accounts/sso/users.py
reviewboard/accounts/sso/views.py
reviewboard/accounts/sso/backends/__init__.py
reviewboard/accounts/sso/backends/base.py
reviewboard/accounts/sso/backends/registry.py
reviewboard/accounts/sso/backends/saml/__init__.py
reviewboard/accounts/sso/backends/saml/forms.py
reviewboard/accounts/sso/backends/saml/settings.py
reviewboard/accounts/sso/backends/saml/sso_backend.py
reviewboard/accounts/sso/backends/saml/views.py
reviewboard/accounts/tests/test_sso_backend_registry.py
reviewboard/admin/siteconfig.py
reviewboard/admin/urls.py
reviewboard/admin/forms/auth_settings.py
reviewboard/static/rb/css/common.less
reviewboard/static/rb/js/ui/views/formView.es6.js
reviewboard/templates/accounts/sso/link-user-connect-existing.html
reviewboard/templates/accounts/sso/link-user-login.html
reviewboard/templates/accounts/sso/link-user-provision.html
reviewboard/templates/admin/settings.html
reviewboard/templates/forms/subform.html