User APIs for automated management
This adds two new XMLRPC user management APIs:
- system.get_all_users to find out which users are registered on this LAVA instance.
- system.set_user_active to lock and unlock accounts on the LAVA instance.
Both APIs require a token from a user with staff access.
The background here is our ongoing attempt to integrate LAVA more fully into a SSO environment, where OIDC only takes us so far in terms of things like account locking and access by use of user tokens.
The upstream MR is lava!1890.