[5.x] New "Global Login" feature and fix auth redirects

[joelbutcher]

This PR addresses a number of things:

1. It tightens security around login via a new 'global-login' feature. This is disabled by default, so apps that have previously supported logging users in from pages other than the "login" page will need to enable this feature before releasing
2. It allows developers to define specific redirect paths for post login / registration:

    'redirects' => [
        'login' => RouteServiceProvider::HOME,
        'register' => RouteServiceProvider::HOME,
        'login-failed' => '/login',
        'registration-failed' => '/register',
        'provider-linked' => '/user/profile',
        'provider-link-failed' => '/user/profile',
    ],

3. Resolves hardcoded to redirect to /dashboard if laravel breeze #322
4. Refactors the AuthenticateOAuthCallback to improves readability and reduce complexity

[thumbtech]

Greetings ... FWIW this one broke my site hard since I have multitenant site using subdomains with redirect URI's coming back to base domain before hopping back to subdomain. Feature globalLogin did the trick, so all's well there ... I just think the docs need to catch up ... it took me a while to figure this out following the composer update!

What I'd like to understand is what is the actual security concern that was addressed here? Between the session and provider callbacks it would seem there is not much wiggle room. What is the (implied here) potential exploit available with globalLogin enabled?