Link existing platform users to the LtiUser via email lis_person_contact_email_primary payload data. #220

@ztraboo ztraboo commented Sep 28, 2023

Disclaimer
This update will check the email of the LTI user coming in from these external LMSs (e.g. Canvas, Blackboard, etc.) and see if that email matches one found on an existing account on the EducateWorkforce platform. If it locates an existing platform account, then it creates a mapping between this external LMS user and the platform user account. Otherwise, it falls back on the previous anonymous account created.

What this will allow is for someone using these external LMS systems to continue to have their progress displayed on their EducateWorkforce account after they leave their school's LMS system. This would require that they already have an EducateWorkforce account ahead of time though. If a mapping between the external LMS platform user and the EducateWorkforce account has already been established, then it will use that existing platform user instead.

The reason that we wanted to get this out is that some Choose Aerospace schools have already registered their students on EducateWorkforce. This would prevent us from unenrolling those existing accounts in those courses because previously an anonymous account was used instead for course enrollment coming from these schools' LMS systems.

Any time that we add another LTI consumer (an external LMS system, e.g. Canvas, Blackboard), we need to make sure that we enable the "Auto link users using email" checkbox. This will ensure that if an existing EducateWorkforce platform account exists it will try and map the external LTI user using the `LTIUser.lis_person_contact_email_primary == openedx.auth_user.email` field value.

Here is an example for Clemson Canvas. If this checkbox is disabled, all external LTI users from this institution will be mapped to an anonymous EducateWorkforce platform account.


Note: This code has not been fully tested with external LMS systems other than Canvas. We'd need to double check that those systems pass in the `lis_person_contact_email_primary` field for this mapping to work. Otherwise, they just fail over to the default anonymous user mapping.

With this change the platform users who access content via LTI will
automatically be linked to their platform account instead of the anonymous
account when the following conditions are met:

  • the LTI Consumer should be configured to auto link the users via email
  • the LTI Consumer should share the email of the user using the
    lis_person_contact_email_primary parameter in the LTI Launch POST data

Note that if there already exists a lti_provider_ltiuser mapping between the LTI Consumer and platform account it will just use that instead. You'll need to update the lti_user_id by adding a postfix of _REMOVE to the end to get a new record to insert.

Internal-ref: https://tasks.opencraft.com/browse/BB-7875
Discussion-ref: https://discuss.openedx.org/t/open-edx-as-an-lti-provider-with-canvas/10014/10

Additionally, the `@xframe_options_exempt` is added to allow the `lti_launch` view method to not worry about `X-Frame-Options: SameSite` from causing the LTI `<iframe>` to load properly due to default `X_FRAME_OPTIONS = "SAMESITE"` by the platform.

One of our customers Securus was having X-Frame-Options set to sameorigin. In order to prevent this restriction we're adding the decorator to except this restriction.

Decorators Used
https://github.com/django/django/blob/3c447b108ac70757001171f7a4791f493880bf5b/django/views/decorators/clickjacking.py#L46-L54

EdX Documentation on Clickjacking
https://openedx.atlassian.net/wiki/spaces/AC/pages/144441658/Clickjacking

Django Documentation on Clickjacking
https://docs.djangoproject.com/en/3.2/ref/clickjacking/
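
The lookup order described in this pull request (existing mapping, then email auto-link, then anonymous fallback), as an added example that is not the project's code. `Consumer`, `Store`, `resolve_platform_user` and the in-memory dictionaries are hypothetical stand-ins for the Django models, the launches are constructed, and each launch is assumed to have passed LTI signature verification before this point.

```python
from dataclasses import dataclass, field

EMAIL_PARAM = "lis_person_contact_email_primary"  # launch parameter named in the PR

@dataclass
class Consumer:  # hypothetical stand-in for the LTI consumer record
    key: str
    auto_link_users_using_email: bool = False  # the checkbox described above

@dataclass
class Store:  # hypothetical in-memory stand-in for auth_user and lti_provider_ltiuser
    users_by_email: dict = field(default_factory=dict)  # email -> username
    lti_users: dict = field(default_factory=dict)  # (consumer key, lti_user_id) -> username
    anon_count: int = 0

def resolve_platform_user(store, consumer, launch):
    """Return (username, how) for a launch assumed to be signature-verified already."""
    map_key = (consumer.key, launch["user_id"])
    # 1. An existing mapping always wins, whatever email the launch carries now.
    if map_key in store.lti_users:
        return store.lti_users[map_key], "existing-mapping"
    # 2. Link by email only when the consumer opted in and the shared email
    #    equals the email of an existing platform account.
    email = launch.get(EMAIL_PARAM)
    if consumer.auto_link_users_using_email and email and email in store.users_by_email:
        username, how = store.users_by_email[email], "linked-by-email"
    else:
        # 3. Otherwise fall back to a new anonymous account.
        store.anon_count += 1
        username, how = f"anon-{store.anon_count}", "anonymous"
    store.lti_users[map_key] = username  # remembered for every later launch
    return username, how

def demo():
    """Run four constructed launches and return how each one resolved."""
    store = Store(users_by_email={"student@example.edu": "existing_student"})
    canvas = Consumer("canvas-key", auto_link_users_using_email=True)
    other = Consumer("other-key")  # checkbox left disabled
    launches = [
        (canvas, {"user_id": "u1", EMAIL_PARAM: "student@example.edu"}),
        (canvas, {"user_id": "u2"}),  # consumer shared no email
        (other, {"user_id": "u1", EMAIL_PARAM: "student@example.edu"}),
        (canvas, {"user_id": "u2", EMAIL_PARAM: "student@example.edu"}),  # mapped earlier
    ]
    return [resolve_platform_user(store, c, data) for c, data in launches]

if __name__ == "__main__":
    print(demo())
```

The fourth constructed launch stays on `anon-1` even though it now shares a matching email, which is the situation the description's `_REMOVE` postfix on `lti_user_id` addresses.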

ztraboo and others added 3 commits September 27, 2023 16:16
…TIONS`.

One of our customers `Securus` was having `X-Frame-Options` set to `sameorigin`. In order to prevent this restriction we're adding the decorator to except this restriction.

**Decorators Used**
https://github.com/django/django/blob/3c447b108ac70757001171f7a4791f493880bf5b/django/views/decorators/clickjacking.py#L46-L54

**EdX Documentation on Clickjacking**
https://openedx.atlassian.net/wiki/spaces/AC/pages/144441658/Clickjacking

**Django Documentation on Clickjacking**
https://docs.djangoproject.com/en/3.2/ref/clickjacking/

With this change the platform users who access content via LTI will
automatically be linked to their platform account instead of the anonymous
account when the following conditions are met:
* the LtiConsumer should be configured to auto link the users via email
* the LTI Consumer should share the email of the user using the
lis_person_contact_email_primary parameter in the LTI Launch POST data

Internal-ref: https://tasks.opencraft.com/browse/BB-7875
@ztraboo ztraboo self-assigned this Sep 28, 2023
@ztraboo ztraboo added this to the cu-release/maple.3 milestone Sep 28, 2023
@ztraboo ztraboo merged commit 03614fd into develop/maple.3 Sep 28, 2023
25 of 29 checks passed