Support authn and authz for Bitbucket Server

Created by: beyang

Feature request description

Support authentication and repository authorization enforcement via Bitbucket Server. This is analogous to the way we support authn/authz for GitHub and GitLab.

This would enable Sourcegraph users to sign in with their Bitbucket Server accounts. Thereafter, the Bitbucket Server user would be associated with their Sourcegraph user and this will be used to enforce repository permissions (as defined by Bitbucket Server).

Implementation questions / customer asks

A wrinkle in this is that Bitbucket Server doesn't yet support OAuth2, which is the favored authentication mechanism for GitHub and GitLab. BBS does support OAuth1, but via Atlassian "application links". The broader question here is whether BBS should be treated as an identity provider at all or if something like Atlassian Crowd (or another SSO provider) should be used. If BBS is not the identity provider, then we'll need to map the SSO identity to the BBS user identity somehow (probably through the BBS API, if it supports user lookup by external ID). The actual permissions lookup can probably be done with this endpoint: https://confluence.atlassian.com/bitbucketserverkb/how-to-report-on-permissions-by-using-rest-api-endpoints-858696596.html.

The ask for customers that use BBS is to describe your current authentication setup and needs. Specifically,

What is the source of truth for SSO / user identity within your organization? (e.g., Okta, Atlassian Crowd, LDAP, OneLogin, Auth0, Google Auth, or something else?)
How do you log into BBS? If not via the identity source of truth specified above, please describe.
Do you have repository permissions that you'd like to enforce on Sourcegraph? What is the source of truth for repository permissions? If it's not BBS, please describe.

Customers and orgs who have a need for Bitbucket permissions: