This has been reasonably well tested, but further testing should be done on staging.
Also optimizes avatar handling to use a constant size and not 404.
Fixes#1434
Fixes#306
- Adds support for Dex as an OAuth external login provider
- Adds support for OIDC in general
- Extract out external logins on the JS side into a service
- Add a feature flag for disabling direct login
- Add support for directing to the single external login service
- Does *not* yet support the config in the superuser tool
