@maros2710 maros2710 commented Jul 5, 2023

  • Breaking change? (if so, please describe the impact and migration path for existing application instances)

What changes did you make? (Give an overview)
Closes #2751

Added GitHub teams support (see #2751).
Now you can set up a GitHub team in the RBAC configuration like this:

- provider: oauth_github
  type: team  
  value: "provectus/memelords" #{organization}/{team}

Is there anything you'd like reviewers to focus on?
I am not very good at reactor, so maybe look at my reactive pipelines, please :)

How Has This Been Tested? (put an "x" (case-sensitive!) next to an item)

  • No need to
  • Manually (please, describe, if necessary)
  • Unit checks
  • Integration checks
  • Covered by existing automation

Checklist (put an "x" (case-sensitive!) next to all the items, otherwise the build will fail)

  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation (e.g. ENVIRONMENT VARIABLES)
  • My changes generate no new warnings (e.g. Sonar is happy)
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes
  • Any dependent changes have been merged

Check out Contributing and Code of Conduct

@maros2710 maros2710 requested a review from a team as a code owner July 5, 2023 11:19
Contributor

@Haarolean Haarolean left a comment

Hi, and thanks for your contribution. Please take a look at the comment I've left.
Also, please refer to our contributing guide and follow it for future contributions (I've been working on this issue already, thus the issue was assigned to me); having you comment on the issue to grab it beforehand would be nice.

String[] organizationAndTeam = orgTeam.split("/");
String org = organizationAndTeam[0];
String team = organizationAndTeam[1];
WebClient wc = WebClient.create(
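
Review bot: organizationAndTeam[1] is read without checking what split("/") returned, so a configured value with no slash throws ArrayIndexOutOfBoundsException, and a value with extra segments silently uses only the first two. Validate that the split yields exactly two non-empty parts before indexing, and reject the configured value otherwise.
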
Contributor

I believe we can refrain from creating a WebClient for every one of the requests.

Author

I have added a gitHubApiUri property to OAuthProperties.OAuth2Provider that is later used as the base GitHub API URI.

Contributor

We don't need such a property as it should be fetched via OpenID provider configuration request.
You can fetch it via req.getClientRegistration().getProviderDetails().getUserInfoEndpoint().getUri()

return teams
.doOnNext(t -> {
if (t.getRight() instanceof Map) {
Map<String, String> response = (Map<String, String>) t.getRight();
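
Review bot: the cast to Map<String, String> after a bare instanceof Map check is unchecked, so a response whose values are not all strings passes this line and only fails later with a ClassCastException when a value is read. Deserialize into a typed class, or use Map<String, Object> and check the type of the field you read, and treat any unexpected shape as no team membership.
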
Contributor

We'd like to see a cleaner approach here, let's say this:

  1. we filter the roles we have and if there are no subjects matching github teams, we can skip teams fetching altogether
  2. the same applies to organizations, if none are present in roles, we don't have to query organizations either

Author

I am not sure if I understand; can you explain a little bit more, please? Thanks!

Contributor

@maros2710

  1. don't fetch user teams if there are no RBAC subjects with "oauth_github/team" present, the same applies to organizations
  2. don't use pairs, concat three lists, each one for roles by orgs, roles by teams and roles by username.
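
The two points in the review comment above, sketched in plain Java without Reactor as an added example (not code from this pull request or from the project). Subject, Role, resolve and the two suppliers are hypothetical names; the subject types "organization" and "user" are assumed alongside the "team" type shown in the PR description, and the suppliers stand in for the GitHub API calls.

```java
import java.util.*;
import java.util.function.Supplier;
import java.util.stream.*;

// Added illustration; Subject, Role and resolve are hypothetical, not the project's classes.
public class GithubRoleResolution {
  record Subject(String provider, String type, String value) {}
  record Role(String name, List<Subject> subjects) {}
  static final String PROVIDER = "oauth_github";

  // Names of roles that have a subject of the given type whose value the user holds.
  static Stream<String> rolesBy(List<Role> roles, String type, Set<String> held) {
    return roles.stream()
        .filter(r -> r.subjects().stream().anyMatch(s ->
            PROVIDER.equals(s.provider()) && type.equals(s.type()) && held.contains(s.value())))
        .map(Role::name);
  }

  static boolean anySubjectOfType(List<Role> roles, String type) {
    return roles.stream().flatMap(r -> r.subjects().stream())
        .anyMatch(s -> PROVIDER.equals(s.provider()) && type.equals(s.type()));
  }

  // Each supplier is invoked only if some configured role actually needs its result.
  static Set<String> resolve(List<Role> roles, String username,
                             Supplier<Set<String>> fetchOrgs, Supplier<Set<String>> fetchTeams) {
    Set<String> orgs = anySubjectOfType(roles, "organization") ? fetchOrgs.get() : Set.of();
    Set<String> teams = anySubjectOfType(roles, "team") ? fetchTeams.get() : Set.of();
    return Stream.of(
            rolesBy(roles, "organization", orgs),
            rolesBy(roles, "team", teams),
            rolesBy(roles, "user", Set.of(username)))
        .flatMap(s -> s)
        .collect(Collectors.toCollection(TreeSet::new));
  }

  public static void main(String[] args) {
    // Constructed sample configuration and memberships.
    List<Role> roles = List.of(
        new Role("admins", List.of(new Subject(PROVIDER, "team", "provectus/memelords"))),
        new Role("readers", List.of(new Subject(PROVIDER, "user", "alice"))));
    Set<String> granted = resolve(roles, "alice",
        () -> { throw new IllegalStateException("organizations must not be fetched"); },
        () -> Set.of("provectus/memelords"));
    System.out.println(granted);
  }
}
```

Because no role in the sample has an organization subject, the organization supplier is never called; an empty membership set grants nothing, so a skipped fetch cannot widen access.
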

@Haarolean Haarolean added type/enhancement En enhancement to an already existing feature scope/backend labels Jul 5, 2023
Cleanup of the code
Reuse of WebClient to get GitHub teams info
@darkLord19

@maros2710 are you still interested in completing this or can I try resolving the review comments?

@Haarolean
Contributor

Closing in favor of #4093

@Haarolean Haarolean closed this Aug 4, 2023
Development

Successfully merging this pull request may close these issues.

RBAC: Support github teams
