Update for AuthManager
Creates a PrimaryAuthenticationProvider for actual authentication, and a
SecondaryAuthenticationProvider for checking renames and central locks
on all logins.
The loginwiki handshake is still done post-login via the existing hooks,
in no small part because trying to stick it into the login flow would
break every existing API client.