OIDC: allow admins to to log in via SSO

[Shuttleu]

Summary

It would be nice to allow system admins to authenticate via an idp instead of just a username and password to help with access management when a user leaves the organisation. Maybe via a group claim or set specific mailbox users to be system administrators?

Motivation

By implimenting this, it would allow organisations to give/remove someone admin access from a single location. It would also mean when they disable their idp account, they wouldn't need to worry about forgetting to disable access from within mailcow.

Additional context

No response