Documentation: add document on the dex API

contrib/openldap: remove OpenLDAP container

Based on #640 we're going to osixia/openldap instead of rolling our
own container. Removing this work for now. If we want it back we can
revert easily enough.

storage: update godocs

connector/ldap: fix bug in switch statement

*: allow call connectors to share a single a single callback

storage/kubernetes: allow arbitrary client IDs

Use a hash algorithm to match client IDs to Kubernetes object names.
Because cryptographic hash algorithms produce sums larger than a
Kubernetes name can fit, a non-cryptographic hash is used instead.
Hash collisions are checked and result in errors.

storage/conformance: add tests for transactional guarantees

scripts: fix get-protoc script to work directly after a clean

Right now `make grpc` only works if a user hasn't run a `make clean`.
Fix this.

connector/ldap: expand LDAP connector to include searches

Documentation: adding documentation for running ldap tests locally

"state" means something specific to OAuth2 and SAML so we don't
want to confuse developers who are working on this.

Also don't use "session" which could easily be confused with HTTP
cookies.

Let the server handle the state token instead of the connector. As a
result it can throw out bad requests earlier. It can also use that
token to determine which connector was used to generate the request
allowing all connectors to share the same callback URL.

Callbacks now all look like:

    https://dex.example.com/callback

Instead of:

    https://dex.example.com/callback/(connector id)

Even when multiple connectors are being used.

server/handlers: fix Cache-Control header

fixes: #636

This commit addresses a problem where the `max-age` value is being set
in nanoseconds as opposed to seconds, as required by the specification.

Documentation: add a document on storage options

Merge pull request #626 from ericchiang/storage-kubernetes-guess-namespace-from-service-account-token

storage/kubernetes: guess namespace from the service account token

*: expand environment variables in config

storage/kubernetes: set CurrentContext when the Kubeconfig file contains only one context

storage/kubernetes: don't automatically print errors on bad HTTP status codes

storage/kubernetes: don't guess the kubeconfig location and change test env

Using the default KUBECONFIG environment variable to indicate that
the Kubernetes tests should be run lead to cases where developers
accidentally ran the tests. This has now been changed to
"DEX_KUBECONFIG" and documentation hsa been added detailing how to
run these tests.

Additionally, no other storage reads environment variables for its
normal configuration (outside of tests) so the Kubernetes storage
no longer does.

Overall, be less surprising.

These status codes spam the error logs for events like key rotation
and third party resource creation. In these cases "bad" status codes
are expected and shouldn't be automatically printed.

Allow users to define config values which are read form environemnt
variables. Helpful for sensitive variables such as OAuth2 client IDs
or LDAP credentials.

The in cluster kubernetes client currently requires using the
downward API to determine its namespace. However this value can be
determine by inspecting the service account token mounted into the
pod. As a fallback, use this to guess the current namespace.

contrib/openldap: add an OpenLDAP Docker image for testing

*: port oob template