This project is mirrored from https://github.com/metabase/metabase. Pull mirroring updated .
  1. Jun 02, 2022
      Adjust JWT and SAML fetch-and-update user to save new attributes (#23005) · 174afe58
      adam-james authored
      * Adjust JWT and SAML fetch-and-update user to save new attributes
      
      Before this change, JWT/SAML logins would attempt to update attributes, but never considered the first-name or
      last-name attributes.
      
      * Attempts to fix tests to prevent polluting test users with "Unknown"
      
      * No deleting users.
      
      * Unit tests checking that first/last names are updated for SSO users
      
      When an SSO user is first logged in, they might not have first_name and/or last_name keys. This is allowed, but the
      names will be "Unknown" in the app-db. Subsequently, a User may log in again with SSO but have first/last name
      attributes, which should update the Metabase user data in the app-db.
      
      These unit tests set up such a scenario to check that the :first_name and :last_name keys are indeed updated.
      
      * Adjust Enterprise LDAP to also use SSO-UTILS
      
      Trying to unify the LDAP implementation with JWT/SAML a bit here.
      
      * Lint error
      
      * Reverting LDAP ns changes to get the PR unstuck
      
      This is to keep the ball rolling on SSO fixes. I'll add LDAP as an item in the Epic to address this separately.
  2. May 13, 2022
      No open redirects for enterprise SSO's (#22622) · f3f9c627
      Howon Lee authored
      Open redirects means doing some sso with a built-in redirect, and redirecting into an unhappy place (aka, a non-MB place) afterwards so that someone gets phished or other bad things happen. This is already prevented for OSS sso's but not EE - prevents this for EE sso's by forcing redirects to be in MB `site-url` set domain.
  3. May 02, 2022
      One Clojure lint to rule them all (#22213) · 390d10e5
      Braden Shepherdson authored
      Background:
      
      We had two lint configs: lint-config.edn which was enforced by GitHub Actions, and
      .clj-kondo/config.edn, the default location used by editors.
      
      
      Problem:
      
      Patchy enforcement of the (larger) config in .clj-kondo/config.edn since not
      everyone uses an editor.
      
      Some new lint, like canonical namespace aliases (#21738, #19930) is not enforced
      automatically and has begun to bit-rot.
      
      Solution:
      
      Combine both configs, fix any outstanding lint, and update our tooling to use
      the unified config.
      
      Caveats:
      
      Anyone who has their local editor configured to use lint-config.edn will have
      their linting broken by this change.
  4. Apr 19, 2022
      Make namespace aliasing consistent everywhere; enforce with clj-kondo (#21738) · 19beda53
      Braden Shepherdson authored
      * Make namespace aliasing consistent everywhere; enforce with clj-kondo
      
      See the table of aliases in .clj-kondo/config.edn
      
      Notable patterns:
      - `[metabase.api.foo :as api.foo]`
      - `[metabase.models.foo :as foo]`
      - `[metabase.query-processor.foo :as qp.foo]`
      - `[metabase.server.middleware.foo :as mw.foo]`
      - `[metabase.util.foo :as u.foo]`
      - `[clj-http.client :as http]` and `[metabase.http-client :as client]`
      
      Fixes #19930.
  5. Apr 07, 2022
      Fix SSO failed to sync admin group (#20991) · 0708ce0a
      Ngoc Khuat authored
      * fix failed to sync admin group
      
      * address noah's comments and add migration script
      
      * document for run-with-data-migration-index
      
      * update comments
      
      * fix name space
      
      * adding data_migrations tests
      
      * add docg
      
      * make sure we don't remove admin group if sso and ldap are not configured
      
      * fix tests for be-ee
      
      * fix tests for oss
      
      * misc docs updates
      
      * remove data-migration-index
      
      * return some newlines
      
      * is it failing here?
      
      * update data_migration docs
      
      * update data_migration docs
      
      * fix all styling comments
      
      * make migration to run both in oss and enterprise and make sure the tests are accounted for that
      
      * fix failed namespace checks
      
      * Add a comment to the test
      
      * fix per comments
      
      * Update permissions.clj
      
      * tweaking with the :warning: icon
      
      * refactor with-temporary-raw-setting-values
      
      * update comments
      
      * Add extension for cert file
      
      * address Noah's comments
  6. Jan 04, 2022
      JWT Login URL configured by user may have URL parameters (#19381) · 4448b34d
      adam-james authored
      * JWT Login URL configured by user may have URL parameters
      Since params may already exist in the login URL, a check is performed to make sure the generated URL
      with 'return_to' param formats correctly. If a param already exists, all subsequent params should
      have an '&' character.
      
      * Sorted ns to pass linting
      
      * added issue number to test string for added context.
  7. Sep 29, 2021
  8. Jun 10, 2021
  9. Jun 08, 2021
  10. May 03, 2021
      Return 401 on auth failure instead of 400 (#15883) · e02187e5
      Noah Moss authored
      * Change 400 errors to 401s on failed authentication
      
      * remove TODO comment
      
      * return 401 for expired JWT in enterprise code
      
      * keep existing exception message when JWT is expired
      
      * fix test failures
      
      * remove comment about timeout on CI that's no longer relevant
  11. Mar 19, 2021
      Record login history (#15129) · 3a5eface
      Cam Saul authored
      * Record login history [WIP]
      
      * WIP
      
      * Add API endpoint and ugly React component
      
      * Fix fn name
      
      * Lookin good
      
      * Test fixes :wrench:
      
      * Prettier
      
      * Test fix
      
      * Test fixes :wrench:
      
      * Better login history info
      
      * Less ugly login history & tests
      
      * Update migration numbers
      
      * Deduplicate https-request? util function from metabase.server.middleware .session & .util
      
      * Refactor -- new Ring request utils namespace
      
      * Test fixes :wrench:
      
      * Reorganize stuff a bit; API endpoint tests
      
      * Tests for login/logout recording history
      
      * Test fix :wrench:
      
      * Test fixes :wrench:
      
      * Test fix :wrench:
      
      * Copy FE test fixture DB so it stops getting changed every time we run tests
      
      * Test fixes :wrench:
      
      
      
      * layout and code style tweaks
      
      * Fix ns sorting
      
      Co-authored-by: Kyle Doherty <5248953+kdoh@users.noreply.github.com>
  12. Mar 01, 2021
  13. Jan 07, 2021
  14. Oct 23, 2020