Extend SCIM to support Zulip

After our initial SCIM implementation, which was fully focused on Nextcloud, we should now extend it to support Zulip.

  • Add database columns to store SCIM information (URL and token) per app.
  • Decide how to populate those columns:
    • For add-on/non-core apps, we could configure this from the stackspin-apps-custom configmap.
    • For core apps, we could do the same, but it's a bit awkward because the flux variable with the secret would have to be shared between the app and the dashboard. It would be nice if the dashboard didn't have to know anything about the app. Maybe have stackspin-scim-$appslug secrets? Those can be generated by a StringSecret generator that's part of the app kustomization. The dashboard can read those at start-up, fetching them based on the app names it gets from the stackspin-apps{,-custom} configmaps, and populate the database from there. We would also need to run that process after installing an app.
    • Populate database fields from secrets.
    • Add helper function to create JWT token based on jwt property in secret.
    • Create secrets using secret generators.
  • Set up a routine to configure apps for SCIM.
    • For Nextcloud, this means setting a secret via php occ, creating a JWT token using the same secret, and storing the token in the database. Note that the php occ step can only be run once Nextcloud is running.
    • For Zulip, this means adding settings to settings.py. We could maybe do this statically to make this easier, though the settings do include the Zulip subdomain :/ so we have to use the flux variables for that.
  • Change provisioning to read per-app SCIM config from the database.
  • Make Nextcloud-specific behaviour (user IDs prefixed with stackspin-, etc.) depend on app.
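The following is an added example sketching three of the items above in one place: the JWT helper that derives a token from the jwt property of a secret, reading per-app SCIM config out of stackspin-scim-$appslug secrets, and making the Nextcloud-specific user ID prefix depend on the app. It is not code from the Stackspin dashboard; it assumes Python, HS256-signed JWTs (implemented with the standard library so nothing needs installing), that a secret carries either a ready-made token field or a jwt field holding the shared secret, and the CONSTRUCTED_SECRETS sample data (URLs and secret values are made up).

```python
import base64
import hashlib
import hmac
import json
from dataclasses import dataclass
from typing import Dict, List, Optional


def _b64url(data: bytes) -> str:
    """Base64url without padding, as JWT requires (RFC 7515 section 2)."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    """Inverse of _b64url: restore the padding the encoder stripped."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def create_jwt(secret: str, claims: dict) -> str:
    """Helper for the 'jwt property in secret' item: sign claims with HS256.

    The same shared secret that is set in the app (e.g. via php occ for
    Nextcloud) lets the app verify this token on every SCIM request.
    """
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (
        _b64url(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + _b64url(json.dumps(claims, separators=(",", ":")).encode())
    )
    sig = hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def verify_jwt(secret: str, token: str) -> Optional[dict]:
    """Check a token the way the receiving app would; None means reject."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        signature = _b64url_decode(sig_b64)
        payload = json.loads(_b64url_decode(payload_b64))
    except ValueError:  # wrong number of parts, bad base64 or bad JSON
        return None
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return None  # refuse 'none' and any algorithm we did not issue
    expected = hmac.new(
        secret.encode(), f"{header_b64}.{payload_b64}".encode(), hashlib.sha256
    ).digest()
    if not hmac.compare_digest(expected, signature):
        return None
    return payload


@dataclass
class ScimAppConfig:
    """What the per-app database columns would hold (assumed shape)."""
    slug: str
    url: str
    token: str


def configs_from_secrets(app_slugs: List[str], secrets: Dict[str, dict]) -> List[ScimAppConfig]:
    """Read stackspin-scim-$appslug secrets for the app names from the configmaps.

    `secrets` stands in for what a Kubernetes client would return; apps
    without such a secret are skipped because they have no SCIM support.
    """
    configs = []
    for slug in app_slugs:
        secret = secrets.get(f"stackspin-scim-{slug}")
        if secret is None:
            continue
        # Either the secret already holds a bearer token (Zulip-style), or it
        # holds a shared secret ("jwt") from which we mint the token ourselves.
        token = secret.get("token") or create_jwt(
            secret["jwt"], {"iss": "stackspin-dashboard", "sub": "scim"}
        )
        configs.append(ScimAppConfig(slug, secret["url"], token))
    return configs


def scim_user_id(app_slug: str, username: str) -> str:
    """App-dependent user ID: only Nextcloud gets the stackspin- prefix."""
    if app_slug == "nextcloud":
        return f"stackspin-{username}"
    return username


def scim_request_headers(cfg: ScimAppConfig) -> Dict[str, str]:
    """Headers provisioning would send to cfg.url for this app."""
    return {"Authorization": f"Bearer {cfg.token}", "Content-Type": "application/scim+json"}


# Constructed sample data standing in for the generated secrets.
CONSTRUCTED_SECRETS = {
    "stackspin-scim-nextcloud": {"url": "https://files.example.org/scim/v2", "jwt": "nextcloud-shared-secret"},
    "stackspin-scim-zulip": {"url": "https://chat.example.org/scim/v2", "token": "zulip-bearer-token"},
}

if __name__ == "__main__":
    for cfg in configs_from_secrets(["nextcloud", "zulip", "wekan"], CONSTRUCTED_SECRETS):
        print(cfg.slug, cfg.url, scim_user_id(cfg.slug, "alice"), scim_request_headers(cfg)["Authorization"][:20])
```

Running it lists the two apps that have a SCIM secret (wekan is skipped), with alice mapped to stackspin-alice for Nextcloud only; the Nextcloud token verifies against the same shared secret the app would be given, which is the property the php occ step relies on.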
Edited by Arie Peterson