[#11018] Implement Google OAuth 2.0 to replace Users API

[wkurniawan07]

Fixes #11018

This is security-related which I do not have much expertise on, so I'd appreciate all inputs.

List of things done:

• Standardized the login/logout URLs such that no more generation is necessary.
  • Two login URLs: dev server login and Google OAuth login. Both login URLs will be deployed, with redirect added for the one that should not be used in the specific environment.
  • Logout URL is the same no matter the environment.
• Designed a user cookie format to capture the user information: user email and a flag indicating whether user is admin.
• Implemented the dev server login page exactly how App Engine SDK did it behind the screen.
• Implemented OAuth 2.0 flow with configuration from Google Cloud IAM.
• Removed the admin constraint in web.xml as this "admin" privilege is coupled with the privilege in the Google Cloud IAM.
  • This is not necessarily what an "admin" means for the system, so decoupling this will also restore some business logic for us.
  • The system is not any less secure as the usual admin check (either login credential or App Engine queue name header) is still present.
• For E2E tests against production server, we do not need pre-login and using user data folder anymore. Instead we inject the user cookie (whose format we have full control) to the browser instance.
  • This is not vulnerable as the cookie is encrypted and can only be decrypted with the correct key.

Some implementation details:

• The cookie is generated by serializing a standard JSON data structure, then encrypted.
  • Cookie forgery is not possible unless the person knows the encryption key.
  • Tampering by manually changing values will not work because it will cause the cookie value decryption to fail.
  • The cookie has HttpOnly flag, and additional Secure flag for production server, and is persisted for 7 days.
• Standard OAuth 2.0 flow is used, with the state parameter containing an encrypted data structure.
  • The data structure contains redirect URL (after callback) and session ID (as a form of random string).
  • The encryption will ensure that the parameter cannot be forged or tampered.
  • Session ID will be used to confirm that the login comes from the exact same session.
• "Admin" privilege is now configured via build.properties file.
  • Only users with login credential matching the property will have admin privilege.

[madanalogy]

Didn't take a close look at E2E changes as I'm not very familiar with them. Changes otherwise looks good, just one suggestion below

[madanalogy]

LGTM