Implement Microsoft (Azure AD) connector

Specify Java package for dex Protobuf API

Microsoft connector now provides support for 'groups' claim in case
'tenant' is configured in Dex config for the connector. It's possible to
deny user authentication if the user is not a member of at least one
configured groups.
Signed-off-by: Pavel Borzenkov <pavel.borzenkov@gmail.com>

connector/microsoft implements authorization strategy via Microsoft's
OAuth2 endpoint + Graph API. It allows to choose what kind of tenants
are allowed to authenticate in Dex via Microsoft:
  * common - both personal and business/school accounts
  * organizations - only business/school accounts
  * consumers - only personal accounts
  * <tenant uuid> - only account of specific tenant
Signed-off-by: Pavel Borzenkov <pavel.borzenkov@gmail.com>

show "back" link for password connectors

README.md: remove milestones link

This way, the user who has selected, say, "Log in with Email" can make up
their mind, and select a different connector instead.

However, if there's only one connector set up, none of this makes sense -- and
the link will thus not be displayed.
Signed-off-by: Stephan Renatus <srenatus@chef.io>

password connectors: make prompt configurable

This allows users of the LDAP connector to give users of Dex' login
prompt an idea of what they should enter for a username.

Before, irregardless of how the LDAP connector was set up, the prompt
was

    Username
    [_________________]

    Password
    [_________________]

Now, this is configurable, and can be used to say "MyCorp SSO Login" if
that's what it is.

If it's not configured, it will default to "Username".

For the passwordDB connector (local users), it is set to "Email
Address", since this is what it uses.
Signed-off-by: Stephan Renatus <srenatus@chef.io>

*: update maintainers

*: Go 1.7 no longer supported and updated build image to 1.9

Add etcd backed storage

This explicitly adds struct tags for etcd storage instead of implicitly
depends on yaml/json config serialization.

This adds references to etcd storage, including:
- only supports etcd v3
- list of options and their meanings when connecting to etcd cluster

This patch uses docker to run an etcd container in travis CI so we can
run storage/etcd conformance tests.

Add tectonic-ldap matching rule to ldap icon.

Add tectonic-ldap matching rule to ldap icon. Fixes an issue where the ldap icon was missing in the tectonic console.

*: run kubernetes tests in travis

This change vendors github.com/coreos/etcd related packages to support
etcd storage implementation.

This patch adds etcd storage implementation. This should be useful in
environments where
- we dont want to depends on a separate, hard to maintain SQL cluster
- we dont want to incur the overhead of talking to kubernetes apiservers
- kubernetes is not available yet, or if kubernetes depends on dex
to perform authentication and the operator would like to remove any
circular dependency if possible.

connector/oidc: remove test that talks to the internet

connector: implement LinkedIn connector

The previous test doesnt actually testing ListConnectors code. For
example the following pseudocode will pass the test:

```
ListConnectors() { return nil, nil }
```

Instead change to actually fetch and compare list of connectors,
ordering by name

Signed-off-by: Pavel Borzenkov <pavel.borzenkov@gmail.com>

Do Refresh() by querying user's profile data.

Since LinkedIn doesn't provide refresh tokens at all, and the access
tokens have 60 days expiration, refresh tokens issued by Dex will fail
to update after 60 days.
Signed-off-by: Pavel Borzenkov <pavel.borzenkov@gmail.com>

connector/linkedin implements authorization strategy via LinkedIn's
OAuth2 endpoint + profile API.

It doesn't implement RefreshConnector as LinkedIn doesn't provide any
refresh token at all (https://developer.linkedin.com/docs/oauth2, Step 5
— Refresh your Access Tokens) and recommends ordinary AuthCode exchange
flow when token refresh is required.
Signed-off-by: Pavel Borzenkov <pavel.borzenkov@gmail.com>

authproxy.md: strip X-Remote-User

authproxy: update docs and set a userID

follow-up for https://github.com/coreos/dex/pull/1100

Implement the “external” connector (for Apache2 mod_auth etc.)