GitLab

This adds three new XMLRPC user management APIs:

• system.get_all_users to find out which users are registered on this LAVA instance.
• system.set_user_active to lock and unlock accounts on the LAVA instance.

Both APIs require a token from a user with staff access. This uses the same @check_staff decorator as !1854 (merged).

The background here is our ongoing attempt to integrate LAVA more fully into a SSO environment, where OIDC only takes us so far in terms of things like account locking and access by use of user tokens.