Add affiliation to user profile attributes
In several projects using IAM in France, the request was made to be able to track a user's affiliation as part of their user profile. It is not currently possible and no real workaround exists, as the Note field that could be used temporarily is no longer exposed once the user has been validated. Affiliation is important information for determining whether a user is legitimate to request an IAM account when you don't rely on an external source for identity vetting (like the CERN HR database for CERN experiments).
The main requirements are:
- Add an affiliation field (free-form text, granularity will be determined by the project) in the account creation form that can be made mandatory (some projects will probably not want it).
- Expose this information in the user profile so that it is easy to access if needed, for security traceability for example
- Expose this information through the SCIM REST API related to users
- Prevent a user from changing it without going through a validation workflow, as it is sensitive information for establishing trust. It would be acceptable, as a first stage, to have this information displayed as a read-only attribute that only an IAM administrator can change.
We can add this affiliation as a registration field, configurable like the others, as explained well here: https://indigo-iam.github.io/v/v1.8.0/docs/reference/configuration/registration/