Update for AuthManager
Creates a PrimaryAuthenticationProvider for actual authentication, and a
SecondaryAuthenticationProvider for checking renames and central locks
on all logins.
The loginwiki handshake is still done post-login via the existing hooks,
in no small part because trying to stick it into the login flow would
break every existing API client.
(cherry picked from commit 5782d8577ceffc5f40290704033b3a1429ec5608)