authz: Initial implementation of Bitbucket Server ACLs

Created by: tsenart

This PR introduces an initial implementation of Bitbucket Server ACLs. It is bare-bones and unoptimised, but it works. I'm putting it out so that I can get early feedback before starting to measure and optimise things (i.e. caching) and possibly writing some E2E tests once we have the #4253 done (cc @sourcegraph/distribution).

As we learned by talking to interested customers, authentication with Bitbucket Server isn't necessary since they use SAML for the same purpose against LDAP or Active Directory. Authorization, then, relies on the constraint that the usernames in Sourcegraph user accounts are identical to those in Bitbucket Server, as they origin from the same central directory (LDAP / AD).

Part of #1108

Created by: tsenart

I am currently investigating using 2 legged Oauth 1.a to impersonate users against the Bitbucket Server API, as opposed to the current approach which uses an admin's personal access token to perform all requests. With impersonation, we'd be able to reduce the number of calls to the API from O(n) to O(1) in RepoPerms.

Created by: beyang

Approving to unblock, re-request a review from me if I should take another look.

Created by: tsenart

@sourcegraph/core-services, @beyang: I have reworked this PR to use OAuth authentication to impersonate each user we are fetching permissions for. This will require admins to create an Application Link in Bitbucket Server with the right settings, which I will document in a follow-up PR, together with all other documentation changes, including CHANGELOG.

This PR now also introduces much better tests: It actually loads a Bitbucket Server instance with fixture data it needs to run Provider tests, but keeps runtimes fast by using VCR recordings.

The size of the PR is big. But please take your time with it and review it as if it was a new one.

Created by: tsenart

Of course, besides a documentation follow-up, I will also follow up with changes for caching permissions.

Created by: codecov[bot]

Codecov Report

Merging #4403 into master will decrease coverage by 0.03%. The diff coverage is 37.59%.

@@            Coverage Diff             @@
##           master    #4403      +/-   ##
==========================================
- Coverage   47.09%   47.06%   -0.04%     
==========================================
  Files         714      717       +3     
  Lines       43168    43432     +264     
  Branches     1741     1741              
==========================================
+ Hits        20332    20440     +108     
- Misses      20928    21065     +137     
- Partials     1908     1927      +19

Impacted Files	Coverage Δ
cmd/frontend/db/external_services.go	9.82% <0%> (-0.46%)
enterprise/cmd/frontend/db/external_services.go	100% <100%> (ø)
pkg/extsvc/bitbucketserver/client.go	33.45% <4.87%> (-16.86%)
enterprise/cmd/frontend/internal/authz/init.go	67.85% <57.14%> (-3.58%)
pkg/extsvc/bitbucketserver/testing.go	63.63% <63.63%> (ø)
...rontend/internal/authz/bitbucketserver/provider.go	69.33% <69.33%> (ø)
...d/frontend/internal/authz/authz_bitbucketserver.go	72.72% <72.72%> (ø)
web/src/components/shared.tsx	78.94% <0%> (ø)
shared/src/commandPalette/CommandList.tsx	33.33% <0%> (ø)
... and 3 more

Created by: tsenart

@beyang: I will address your feedback post-merge, if you happen to have any.