Oauth2 consumer (#679)

* initial stuff for oauth2 login, fails on:
* login button on the signIn page to start the OAuth2 flow and a callback for each provider
Only GitHub is implemented for now
* show login button only when the OAuth2 consumer is configured (and activated)
* create macaron group for oauth2 urls
* prevent net/http in modules (other then oauth2)
* use a new data sessions oauth2 folder for storing the oauth2 session data
* add missing 2FA when this is enabled on the user
* add password option for OAuth2 user , for use with git over http and login to the GUI
* add tip for registering a GitHub OAuth application
* at startup of Gitea register all configured providers and also on adding/deleting of new providers
* custom handling of errors in oauth2 request init + show better tip
* add ExternalLoginUser model and migration script to add it to database
* link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed
* remove the linked external account from the user his settings
* if user is unknown we allow him to register a new account or link it to some existing account
* sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers)

* from gorilla/sessions docs:
"Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!"
(we're using gorilla/sessions for storing oauth2 sessions)

* use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)

options/locale/locale_en-US.ini

@@ -5,8 +5,11 @@ dashboard = Dashboard
 explore = Explore
 help = Help
 sign_in = Sign In
+sign_in_with = Sign in with
 sign_out = Sign Out
 sign_up = Sign Up
+link_account = Link Account
+link_account_signin_or_signup = Login with existing credentials to link your existing account to these new account, or sign up for a new account
 register = Register
 website = Website
 version = Version
@@ -277,6 +280,7 @@ applications = Applications
 orgs = Organizations
 delete = Delete Account
 twofa = Two-Factor Authentication
+account_link = External Accounts
 uid = Uid
 
 public_profile = Public Profile
@@ -379,6 +383,13 @@ then_enter_passcode = Then enter the passcode the application gives you:
 passcode_invalid = That passcode is invalid. Try again.
 twofa_enrolled = Your account has now been enrolled in two-factor authentication. Make sure to save your scratch token (%s), as it will only be shown once!
 
+manage_account_links = Manage account links
+manage_account_links_desc = External accounts linked to this account
+account_links_not_available = There are no external accounts linked to this account
+remove_account_link = Remove linked account
+remove_account_link_desc = Delete this account link will remove all related access for your account. Do you want to continue?
+remove_account_link_success = Account link has been removed successfully!
+
 delete_account = Delete Your Account
 delete_prompt = The operation will delete your account permanently, and <strong>CANNOT</strong> be undone!
 confirm_delete_account = Confirm Deletion
@@ -1106,8 +1117,12 @@ auths.allowed_domains_helper = Leave it empty to not restrict any domains. Multi
 auths.enable_tls = Enable TLS Encryption
 auths.skip_tls_verify = Skip TLS Verify
 auths.pam_service_name = PAM Service Name
+auths.oauth2_provider = OAuth2 provider
+auths.oauth2_clientID = Client ID (Key)
+auths.oauth2_clientSecret = Client Secret
 auths.enable_auto_register = Enable Auto Registration
 auths.tips = Tips
+auths.tip.github = Register a new OAuth application on https://github.com/settings/applications/new and use <host>/user/oauth2/<Authentication Name>/callback as "Authorization callback URL"
 auths.edit = Edit Authentication Setting
 auths.activated = This authentication is activated
 auths.new_success = New authentication '%s' has been added successfully.