Modify group room association API to allow modification of is_public

DB schema interface for password auth providers

Make the port script drop NUL values in all tables

also includes renamings to make things more consistent.

Postgres doesn't support NULs in strings so it makes the script
throw an exception and stop if any values contain \0. Drop them
with appropriate warning.

Provide an interface by which password auth providers can register db schema
files to be run at startup

Refactor some logic from LoginRestServlet into AuthHandler

Clean up backwards-compat hacks for ldap

Start some documentation on password providers

I'm going to need some more flexibility in handling login types in password
auth providers, so as a first step, move some stuff from LoginRestServlet into
AuthHandler.

In particular, we pass everything other than SAML, JWT and token logins down to
the AuthHandler, which now has responsibility for checking the login type and
fishing the password out of the login dictionary, as well as qualifying the
user_id if need be. Ideally SAML, JWT and token would go that way too, but
there's no real need for it right now and I'm trying to minimise impact.

This commit *should* be non-functional.

Document the existing interface, before I start adding new stuff.

try to make the backwards-compat flows follow the same code paths as the modern
impl.

This commit should be non-functional.

Fix wording on group creation error

Fix typo when checking if user is invited to group

Add comment about attestations

Device deletion: check UI auth matches access token

Allow ASes to deactivate their own users

This helps ensure that the renewals of attestations are spread out more
evenly.

Add is_public to groups table to allow for private groups

Front-end proxy: pass through auth header

Support /keys/upload on /r0 as well as /unstable

Fix logcontext leaks in httpclient