(core) Add account page option to allow Google login

Summary:
Enabled by default, the new checkbox is only visible to
users logged in with email/password, and controls whether it is possible
to log in to the same account via a Google account
(with matching email). When disabled, CognitoClient will refuse logins
from Google if a Grist account with the same email exists.

Test Plan:
Server and browser tests for setting flag. Manual tests to verify
Cognito doesn't allow signing in with Google when flag is disabled.

Reviewers: paulfitz

Reviewed By: paulfitz

Differential Revision: https://phab.getgrist.com/D3257

app/gen-server/lib/HomeDBManager.ts

@@ -11,6 +11,7 @@ import * as roles from 'app/common/roles';
 import {ANONYMOUS_USER_EMAIL, DocumentProperties, EVERYONE_EMAIL, getRealAccess,
         ManagerDelta, NEW_DOCUMENT_CODE, OrganizationProperties,
         Organization as OrgInfo, PermissionData, PermissionDelta, SUPPORT_EMAIL, UserAccessData,
+        UserOptions,
         WorkspaceProperties} from "app/common/UserAPI";
 import {AclRule, AclRuleDoc, AclRuleOrg, AclRuleWs} from "app/gen-server/entity/AclRule";
 import {Alias} from "app/gen-server/entity/Alias";
@@ -432,6 +433,15 @@ export class HomeDBManager extends EventEmitter {
     await user.save();
   }
 
+  public async updateUserOptions(userId: number, props: Partial<UserOptions>) {
+    const user = await User.findOne(userId);
+    if (!user) { throw new ApiError("unable to find user", 400); }
+
+    const newOptions = {...(user.options ?? {}), ...props};
+    user.options = newOptions;
+    await user.save();
+  }
+
   // Fetch user from login, creating the user if previously unseen, allowing one retry
   // for an email key conflict failure.  This is in case our transaction conflicts with a peer
   // doing the same thing.  This is quite likely if the first page visited by a previously