
Initial docker and nginx conf updates for keycloak #618

Closed
wants to merge 11 commits into from

Conversation

isedwards
Member

This updated PR for keycloak integration uses the Flask-OIDC package with wis2box-auth (replacing a previous implementation that used oauth2-proxy independently of Flask).

Currently it requires manually changing the hard-coded IP address (currently 10.211.55.15 in nginx.conf) to instead be the value of $WIS2BOX_URL.

This version uses the following branch of wis2box-auth which interfaces to keycloak using Flask-OIDC: https://github.com/isedwards/wis2box-auth/tree/initial-keycloak

I'll submit an update later today that

  • Uses envsubst to update the host URL to the value of $WIS2BOX_URL when the nginx container is built
  • Includes docs for setting up the keycloak instance (currently accessed at <IP-ADDRESS>:8180).

When nginx uses the auth_request directive, this calls the wis2box-auth authorize endpoint as before. However, instead of validating a token it checks whether the current user's browser has an authenticated session with keycloak (see wis2box_auth/app.py#L69-L7 for the simplified version).

I'm in the process of replacing wis2box-auth's add_token and remove_token with an equivalent add_group and remove_group, which will be used to grant access based on group membership. Users' group credentials are configured in keycloak.

@isedwards isedwards marked this pull request as draft January 23, 2024 07:49
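The auth_request flow the PR description lays out, as an added example that is not wis2box-auth's own code: nginx issues a subrequest carrying the browser's cookies and the original URI, and the authorizer answers 2xx to let the request through or 401/403 to deny it, first checking for a live Keycloak session and then for group membership. The cookie name, session layout, group names and path prefixes are assumptions for illustration.

```python
"""Decision logic of an nginx auth_request authorizer as the PR describes it.
nginx forwards the browser's cookies and the original URI on a subrequest; the
endpoint answers 2xx to allow and 401/403 to deny. Names below are assumptions."""
from dataclasses import dataclass
from http.cookies import SimpleCookie
import time

SESSION_COOKIE = "session"  # assumed name; the real Flask-OIDC cookie may differ
# Hypothetical policy: URL prefix -> Keycloak group required (None = any signed-in
# user). Longest matching prefix wins, so deeper paths can be locked down harder.
ACCESS_POLICY = {
    "/": None,
    "/wis2box-api/": "wis2box-editor",
    "/wis2box-api/admin/": "wis2box-admin",
}

@dataclass
class Session:
    """Constructed stand-in for the server-side state left by a Keycloak login."""
    subject: str
    groups: tuple
    expires_at: float  # epoch seconds; a stale session must not keep granting access

def required_group(uri):
    """Return the group demanded by the longest policy prefix matching ``uri``."""
    best = max((p for p in ACCESS_POLICY if uri.startswith(p)), key=len, default="/")
    return ACCESS_POLICY[best]

def authorize(headers, sessions, now=None):
    """Return the status nginx acts on: 200 allow, 401 no live Keycloak session,
    403 signed in but outside the required group. ``headers`` are the subrequest
    headers (Cookie, X-Original-URI); ``sessions`` maps cookie value -> Session."""
    now = time.time() if now is None else now
    jar = SimpleCookie()
    jar.load(headers.get("Cookie", ""))
    sid = jar[SESSION_COOKIE].value if SESSION_COOKIE in jar else None
    session = sessions.get(sid) if sid else None
    if session is None or session.expires_at <= now:
        return 401  # browser not authenticated with Keycloak: app redirects to login
    group = required_group(headers.get("X-Original-URI", "/"))
    if group is None or group in session.groups:
        return 200
    return 403  # authenticated, but not in the group: deny without a login redirect

# Constructed sessions for the checks below (one far-future, one already expired).
DEMO_SESSIONS = {
    "good": Session("alice", ("wis2box-editor",), 4102444800.0),
    "old": Session("bob", ("wis2box-admin",), 1.0),
}
```

An nginx `location` protected by `auth_request` only passes the headers it is told to forward, so the subrequest needs `proxy_set_header X-Original-URI $request_uri;` for the path check to see anything.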
@tomkralidis
Collaborator

Closing for now while the wis2box team is re-evaluating access control requirements.
