Introduce "service account" or user group concept

[soxofaan]

This comes out of discussions about "machine-to-machine" auth, like https://github.com/openEOPlatform/architecture-docs/issues/134 . The question/request is still a bit vague to be honest, but I just wanted to plant a seed here.

The openeo API currently has a user concept, and because of how OIDC works (the recommended auth mechanism in openEO) this pretty much corresponds 1-on-1 to a real person that interacts with a computer or other device.

Often in use cases however we see the need for a less strict "user" definition, for example:

• (as discussed before) automated, "machine-to-machine" workflows
• multiple persons acting "interchangeably" in a group on the same project

As noted before, this might be primarily an authentication problem that has to be solved on the level of OIDC.
Still, I'm wondering if there are some places in the openEO API where we might want to eliminate or avoid implicit "user==real person" assumptions.

[m-mohr]

Can you point me to where the openEO API assume a real person? I don't see specific action items to work on right now.