Support OIDC based SSO.

[reasonerjt]

1. Admin should be able to configure OIDC endpoint in Harbor.
2. After step 1. in addition to login via DB/LDAP, user should be able to login via the OIDC endpoint, based on the code-based oauth2 flow. After first successful authentication, the user will "on board" to Harbor, so there is a record in Harbor's DB and the user can be added to a project and assigned a role in the project.
3. Client should access Harbor's API via OIDC token provided by the endpoint, which represents an on boarded user.
4. The user in step 2 should be able to use docker CLI or kubelet to interact with Harbor to perform push/pull image. However, b/c the CLI cannot handle the SSO, we may need to allow user to use some token to authenticate, the detail of the solution is TBD.

There is a proposal WIP: goharbor/community#17 we'll work together to refine it, or create a new one if needed.

Some issues will be closed after this work is done:
#1893 #4616 #5358

[reasonerjt]

A draft proposal is submitted:
goharbor/community#64

[reasonerjt]

Closing as all planned work is delivered in v1.8