Update for AuthManager

Creates a PrimaryAuthenticationProvider for actual authentication, and a
SecondaryAuthenticationProvider for checking renames and central locks
on all logins.

The loginwiki handshake is still done post-login via the existing hooks,
in no small part because trying to stick it into the login flow would
break every existing API client.

Bug: T110283
Change-Id: Ia60d92f9e08740e1f76a3744147b93a7636ae09e
(cherry picked from commit 5782d8577ceffc5f40290704033b3a1429ec5608)