
cri_auth: turn OIDCClientExtension into a generic model

Marc Schmitt requested to merge auth-oidcclientextension-generic into develop

This is the first part of the work towards a working auth_request implementation, and as such was cherry-picked from !74 (closed)

OIDCClientExtension has been split into two models. As such, OIDCClientExtensionGroup has been renamed to AuthGroup and a new model AuthGroupsClientsMapping has been created. Aspects of the OIDCClientExtension model that were used for groups filtering have been moved to AuthGroupsClientsMapping, which is now referenced by OIDCClientExtension through a ForeignKey field. This allows the addition of new authentication methods without code duplication, or wonky logic such as those new methods depending on OIDCClientExtension, and thus an OIDC client. As such, a new AuthMethodMixin has been created that contains all common methods between authentication models. It also allows linking several clients to the same groups and filter options, and as such avoids duplication of business logic for users.

Unit tests have been added for the methods migrated from OIDCClientExtension to AuthGroupsClientsMapping.

Database migration steps are as follows:

  • Rename model OIDCClientExtensionGroup to AuthGroup.
  • Rename model OIDCClientExtension to AuthGroupsClientsMapping. This is done to prevent useless copying of managers and groups. Thus, we only have to re-create OIDCClientExtension objects with the OIDC client, is_restricted boolean field and a reference to AuthGroupsClientsMapping.
  • AuthGroup: rename some fields to match the new logic.
  • AuthGroup: rename oidc_client_extension field to groups_clients_mapping and change its type.
  • AuthGroupsClientsMapping: add the name field, defaulting to "Placeholder" for the migration.
  • Re-create the OIDCClientExtension model.
  • Re-create the OIDCClientExtension objects from AuthGroupsClientsMapping data.
  • Remove client, is_legacy fields from AuthGroupsClientsMapping.
  • Populate the name field of AuthGroupsClientsMapping from the OIDCClientExtension client names.
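
The data steps of the migration listed above, modelled in plain Python as an added example (not code from this merge request), with a check that every client resolves to the same access decision before and after the split. The row layout, the sample rows and the access rule (a restricted client requires membership in one of the mapped groups) are assumptions made for the illustration.

```python
# Added illustration: row layout and access rule are assumptions, not the project's code.
from copy import deepcopy

# Constructed pre-migration rows: one OIDCClientExtension per client, carrying
# both the client-specific fields and the group-filtering data.
OLD_ROWS = [
    {"id": 1, "client": "wiki", "is_restricted": True,
     "managers": ["alice"], "groups": ["staff", "wiki-editors"]},
    {"id": 2, "client": "forum", "is_restricted": False,
     "managers": ["bob"], "groups": []},
]

def split_rows(old_rows):
    """Apply the data steps: keep rows as mappings, re-create extensions, name mappings."""
    mappings, extensions = [], []
    for row in deepcopy(old_rows):
        # The renamed row keeps its primary key, managers and groups in place.
        mapping = {"id": row["id"], "name": "Placeholder",
                   "managers": row["managers"], "groups": row["groups"]}
        # Re-created OIDCClientExtension: client, flag and reference to the mapping.
        extensions.append({"client": row["client"],
                           "is_restricted": row["is_restricted"],
                           "mapping_id": mapping["id"]})
        # Last step: replace the placeholder with the client's name.
        mapping["name"] = row["client"]
        mappings.append(mapping)
    return mappings, extensions

def allowed_before(old_rows, client, user_groups):
    row = next(r for r in old_rows if r["client"] == client)
    return not row["is_restricted"] or bool(set(row["groups"]) & set(user_groups))

def allowed_after(mappings, extensions, client, user_groups):
    ext = next(e for e in extensions if e["client"] == client)
    mapping = next(m for m in mappings if m["id"] == ext["mapping_id"])
    return not ext["is_restricted"] or bool(set(mapping["groups"]) & set(user_groups))

def migration_preserves_access(old_rows, probes):
    """True if every (client, user_groups) probe gets the same decision before and after."""
    mappings, extensions = split_rows(old_rows)
    if len(extensions) != len(old_rows):
        return False  # a client lost its extension during re-creation
    if any(m["name"] == "Placeholder" for m in mappings):
        return False  # a mapping was left unnamed
    return all(allowed_before(old_rows, r["client"], g)
               == allowed_after(mappings, extensions, r["client"], g)
               for r in old_rows for g in probes)
```

Running the same comparison against a copy of production data before and after the real migration catches a client that silently became unrestricted or lost its group filter.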
