MAS: Add option to disable new account registration via OAuth/SSO

[pl804]

Is your feature request related to a problem? Please describe.

Currently if a server is running MAS, users who log in via OAuth/SSO (e.g., Google) can register even if account registration is disabled in vars.yml.

Describe the solution you'd like

Add flag/option to disable registration via OAuth providers, in addition to the existing option that disable non-OAuth-based registration.

Describe alternatives you've considered

This option exists in Synapse OIDC (pre-MAS), thanks to @warrenbailey per this thread.

Registration via an OAuth provider unfortunately doesn't use a specific URL pattern, so blocking a path isn't an option.

This appears to be possible via the MAS policy engine & policy.wasm, but it would be amazing to have it easily configurable from the ansible playbook.