Documentation: fix redirect caveat description

The redirect caveat is being removed to avoid user confusion and is
not important outside of testing.

Documentation: OIDC conformance test setup

storage/static.go: storage backend should not explicitly lower-case email ids.

*: add "getting started" example for LDAP

server: set sane bcrypt cost upper bound

connector/github: fix groups scope check when 'orgs' is populated

When connecting to GitHub Enterprise, force email verified field to true

We should always check if a user is in any orgs or teams specified
in config, and whether the groups scope is also included in client
requests. If not, return an error, because dex wouldn't have required
permissions to do the request anyway (need read:org).

connector/github: debug->info logging, informative userInOrg msg

connector/github: fix username used when making API requests

Documentation: fixed GitHub link syntax

connector/gitlab: correct scope strings, better default

Documentation: github org redirect caveat

*: add log events for login, LDAP queries, and SAML responses

connector/github: enable private, primary emails

Documentation: removed private emails caveats section

Log large bcrypt costs, error if password-hash comparison takes > 10s

connector/github: multiple orgs, query by teams

Documentation: examples of GitHub `orgs` field with multiple orgs
and org with teams; note legacy behavior

Fix documentation link

connector/oidc: fix hosted domain support.

The bcrypt hashing algorithm runtime grows exponentially with cost,
and might cause a timeout if the cost is too high. Notifying the user
of high cost and of long running calculations will help with tuning
and debugging.

Update deps