Support new Public User API, drop Norman User

[richard-cox]

SURE-8138

RFD 011: User Public API

Epic: rancher/rancher#49572

Port usages of norman /v3/users to beefed up /v1/management.cattle.io.user

• /v3/users?me has been replaced with a POST to /v1/ext.cattle.io.selfuser (details in RFD)
• /v3/users?action=refreshauthprovideraccess has been replaced with a POST to /v1/ext.cattle.io.groupmembershiprefreshrequests with a userId of * (details in RFD)
  • Users can determine if they can call this if they have POST permissions in the associated schema
  • Permissions i think then matches the same as previously (we don't have granular per user permissions)
• /v3/users/<user id>?action=refreshauthprovideraccess has been replaced with a POST to /v1/ext.cattle.io.groupmembershiprefreshrequests with a userId of (details in RFD)
  • Users can determine if they can call this if they have POST permissions in the associated schema
  • Permissions i think then matches the same as previously (we don't have granular per user permissions)
• /v3/users?action=changepassword (admins changing any users password OR users changing their own) has been replaced by a POST to /v1/ext.cattle.io.passwordchangerequests (details in RFD
  • Users can determine if they can call this if they have POST permissions in the associated schema
  • Permissions i think then matches the same as previously (we don't have granular per user permissions)
• when showing list of users (fetched via /v1/management.cattle.io.users) ensure we filter out those with principalIds starting with system:// (/v3/users / norman does this automatically)

Afterwards there should be no usages of NORMAN.USER or references to /v3/users

[richard-cox]

Blocked on rancher/rancher#51200