feat: SCIM list provider users

[BruceMacD]

Restore #3379

• add SCIM list users endpoint

Summary

This change adds the necessary logic for a SCIM identity provider to list the users it has associated with it.

It does not include the changes necessary to create an access key for an identity provider (which this functionality will rely on) so the code path can't be accessed yet.

Checklist

• Wrote appropriate unit tests
• Considered security implications of the change
• Updated associated docs where necessary
• Updated associated configuration where necessary
• Change is backwards compatible if it needs to be (user can upgrade without manual steps?)
• Nothing sensitive logged
• Considered data migrations for smooth upgrades

Related Issues

Part of #3378

[dnephin]

Looks good, but I think we might be missing an authorization check

[dnephin]

Isn't this missing a call to RequireInfraRole (or IsAuthorized ) ?

[BruceMacD]

Originally that was part of this change, but after building out the rest of the SCIM functionality I realized that the SCIM role wasn't needed. This endpoint can only be called with an access key issued for a provider, and it can only modify the provider that the access key was issued for. In this way is acts similarly to our other isSelf endpoints.

[dnephin]

Ahh, because we query with AccessKey.IssusedFor, which will have a providerID in the case of these SCIM access keys, and there should never be an overlap between userIDs and providerIDs, got it!