
Jira Connect App: add foundations for an OAuth authentication flow

Andy Schoenen requested to merge 284211_backend-jira-connect-oauth into master

What does this MR do?

This MR sets up the initial structure to enable OAuth authentication for the GitLab.com for the Jira App (#284211 (closed)). It includes both backend and frontend changes.

The authorization follows the Proof Key for Code Exchange flow. Scan this MR's comments for 🔷 OAuth flow for a high-level breakdown of the authentication flow.

This MR is an early iteration (behind a feature flag) and is not yet intended for users. The purpose of this MR is to validate the implementation approach, and future iterations will make the feature usable, including:

feature flag: jira_connect_oauth

More specifically, this MR adds:

backend

  • A controller with a blank index action that serves as a callback page for the OAuth flow.
  • A helper that generates all necessary data for the frontend
  • Some developer documentation that explains how to set up the feature in a development environment

frontend (encapsulated in !68720 (merged), which was merged into this MR):

  • refactors the jira_connect_app so that there are now 2 apps: app_legacy and app_oauth. The app-to-render is determined by the presence of a particular element defined in HAML; in practice, the app_oauth app will be used when the jira_connect_oauth feature flag is enabled (disabled by default). Otherwise, app_legacy is used.

Screenshots or Screencasts (strongly suggested)

[screencast: jira-connect-demo]

Here is how OAuth using PKCE should work:

[diagram: Untitled_Diagram]
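As an added example (not code from this MR or from GitLab itself), the two halves of the PKCE flow the diagram describes, in plain Ruby: the client side generates the verifier and its S256 challenge and builds the authorize URL, and the server side performs the check the token endpoint must run when the code is exchanged. The host and client ID are placeholders; the redirect URI and scope mirror the local setup steps below.

```ruby
require 'securerandom'
require 'digest'
require 'uri'

GITLAB_HOST  = 'https://gitlab.example.test' # assumed placeholder, not a real host
REDIRECT_URI = "#{GITLAB_HOST}/-/jira_connect/oauth_callbacks"
CLIENT_ID    = ENV.fetch('JIRA_CONNECT_OAUTH_CLIENT_ID', 'placeholder-client-id')

# base64url without padding, as RFC 7636 requires for both values
def base64url(bytes)
  [bytes].pack('m0').tr('+/', '-_').delete('=')
end

# Client side (the frontend app): a high-entropy verifier and its S256
# challenge. Only the challenge travels through the browser redirect; the
# verifier stays with the client until the code is exchanged.
def generate_pkce_pair
  verifier  = base64url(SecureRandom.random_bytes(32)) # 43 chars
  challenge = base64url(Digest::SHA256.digest(verifier))
  [verifier, challenge]
end

# The /oauth/authorize URL the frontend would send the browser to. `state`
# is the standard OAuth CSRF token and must be checked on the callback.
def authorize_url(challenge, state)
  params = {
    client_id: CLIENT_ID, redirect_uri: REDIRECT_URI, response_type: 'code',
    scope: 'api', state: state,
    code_challenge: challenge, code_challenge_method: 'S256'
  }
  "#{GITLAB_HOST}/oauth/authorize?#{URI.encode_www_form(params)}"
end

# Constant-time comparison so a partial match does not leak through timing
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Authorization-server side: the check the token endpoint performs when the
# code is exchanged together with the verifier the client kept.
def pkce_valid?(verifier, stored_challenge)
  return false unless verifier.is_a?(String) && (43..128).cover?(verifier.length)
  return false unless verifier.match?(/\A[A-Za-z0-9\-._~]+\z/)
  secure_equal?(base64url(Digest::SHA256.digest(verifier)), stored_challenge)
end
```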

Here is a series of videos that show how we came up with the logic for this feature:

  1. Pairing session 1
  2. Andy showing investigation results
  3. Pairing session 2

How to set up and validate locally (strongly suggested)

See the development guide to install the Jira app in a development environment.

In Gitpod:

  1. Start a Gitpod and open the Rails console: bundle exec rails console
  2. Enable the feature flag: Feature.enable(:jira_connect_oauth)

On the Gitpod GitLab instance:

  1. Go to admin -> applications
  2. Create a new app with Name: Jira Connect, Redirect URI: YOUR_GITPOD_INSTANCE/-/jira_connect/oauth_callbacks, Scopes: api, Trusted: No, Confidential: No
  3. Copy Application ID
  4. Go to gitpod.io/variables
  5. Create a new variable with name JIRA_CONNECT_OAUTH_CLIENT_ID, scope */* and paste the Application ID as value.


Edited by Tom Quirk
