README.md: reorganize README

* Highlights that dex is NOT a user-management system.
* Highlights ID Tokens as dex's primary feature.
* General cleanup.

Update kubernetes.md

fixed typo

Documentation: add a doc describing how to use dex

*: update maintainers

Dex on Kubernetes with RBAC authorization - documentation updated

connector/saml/testdata: fix bad status test case

README: add section about reporting security vulnerabilities

It was pointed out by @davidillsley that we don't point this out
anywhere in our docs.

Fix two typos

Signed-off-by: zhuguihua <zhuguihua@cmss.chinamobile.com>

Change storace to storage in cmd/dex/config.go,
change userSearch to groupSearch in connector/ldap/ldap.go

*: update grpc and correct protobuf generation

Turns out that manually setting PATH in the Makefile doesn't work
so we've been using the protobuf plugins installed on the host. Fix
this by specifying plugins by path.

Updated documentation for dex on k8s when RBAC authorization is used

connector/ldap: support the StartTLS flow for secure connections

When connecting to an LDAP server, there are three ways to connect:

1. Insecurely through port 389 (LDAP).
2. Securely through port 696 (LDAPS).
3. Insecurely through port 389 then negotiate TLS (StartTLS).

This PR adds support for the 3rd flow, letting dex connect to the
standard LDAP port then negotiating TLS through the LDAP protocol
itself.

See a writeup here:

http://www.openldap.org/faq/data/cache/185.html

Notice this when inspecting the code coverage results. For some
reason this test wasn't triggering the bad status code path, maybe
due to signature validation. Removing the comment fixed the code
coverage.

server/rotation.go: avoid displaying the "keys already rotated" error

connector/ldap: fix case where groups are listed on the user entity

*: promote SAML to stable

This means we no longer refer to it as "experimental" and wont make
breaking changes.

connector/github: add support for github enterprise.

*: add GitLab connector to README

Support schemas that determine membership by having fields on the
user entity, instead of listing users on a groups entity. E.g. the
following schema is now supported when it wasn't previously:

    cn=eric,cn=user,dn=exapmle,dn=com
    objectClass=myPerson
    cn: eric
    uid: eric
    email: eric@example.com
    memberOf: foo
    memberOf: bar

    cn=foo,cn=group,dn=exapmle,dn=com
    objectClass=myGroup
    cn: foo

    cn=bar,cn=group,dn=exapmle,dn=com
    objectClass=myGroup
    cn: bar

connector/ldap: add LDAP integration tests

connector/saml: clean up SAML verification logic and comments

Fix entityIssuer -> ssoIssuer typo