Add REST API endpoints to manage users

[andreaskoepf]

Add REST API endpoints to view & edit users and to resolve internal user-ids. Untrusted (normal) api_clients must only resolve, view and edit users that were registered by themselves. Trusted api_clients can manage all users. Editing means enable/disable (new flag) and delete (also new flag). Returned user model contains global OA user id (UUID) and the api_client's 'local' username & auth_method.

Required functionality

• GET /frontend_users/{auth_method}/{username}: user by auth_method + username (+api_key which is always required)

• GET /frontend_users/: list users ordered by username, max_count (int, limit), ge (str, optional, >= comparison on username), lt (str, optional, < comparison on username), auth_method (str, optional)

• GET /users/{id}: user by global OA user_id (UUID)

• PUT /users/{id}: user by user-id (UUID), send json body with attributes to modify (currently only enabled bool is supported)

• DELETE /users/{id}: user by user-id (UUID)

[mjagkow]

Some endpoints implemented in #171

[andreaskoepf]

@mjagkow Changed client_users -> frontend_users .. as was suggested by you in the PR.

I forgot two things:

1. user-stats (if available/left outer join) should be returned a part of the user-model
2. a new field notes string should be added to the user table which should be updatable beside only the enabled flag (for admins to note why user was disabled etc.)

[olliestanley]

This is now split into tasks at #536 #537 #538

[olliestanley]

Closing this as all subtasks are completed