Previously the default was not to remove an sso user from a team or as
an admin if they were removed from the SSO service. This changes that
and updates some readme-type lines.
This adds a field to the user object to denote whether and what kind of
user account it is.
For normal accounts this field will be null.
For social auth accounts it will be "social"
for radius accounts it will be "radius"
This change also prevents a radius user from changing their local
password thus bypassing the password caching feature of django-radius
* Move auth backends into sso app.
* Add support for mapping social auth users into organizations and teams.
* Return social auth backends in a consistent order in the API.
* Remove custom SAML attribute mapping and use options provided by PSA.
* Add pipeline function to raise an exception if no user has been found or created; added comments on how to disable new user creation.
* Add comments for defining a custom social auth pipeline function.
