* Auth: consistently return same basic auth errors

* Put repeated errors in consts and return only those consts as error strings

* Add tests for errors basic auth cases and moves tests to separate test-case.
  Also names test cases consistently

* Add more error logs and makes their messages consistent

* A bit of code style

* Add additional test helper

* Auth: do not expose even incorrect password

* Auth: address review comments

Use `Debug` for the cases when it's an user error

Closes #18037

Create and push the expected tag to grafana-dev repository
and use this instead for running the end to end tests
for the release.

The `oauth_state` cookie used to be created with the SameSite value set
according to the `cookie_samesite` configuration.
However, due to a Safari bug SameSite=None or SameSite=invalid are treated
as Strict which results in "missing saved state" OAuth login failures
because the cookie is not sent with the redirect requests to the OAuth
provider.
This commit always creates the `oauth_state` cookie with SameSite=Lax
to compensate for this.

* Add types and rewrite datasourceChanged to async/await

Closes #18159

* Imperative mood

The English language suggests that when giving out instructions or considerations is best to use imperative mood as the writing style. Done as part of this commit:

- some worth smithing to match this style
- changed the format to match the fact that this is commonly read as part of a text box when opening up your PRs
- and extended a few descriptions to make it more friendly for newcomers 

* Auth Proxy: Include additional headers as part of the cache key

Auth proxy has support to send additional user attributes as part of the
authentication flow. These attributes (e.g. Groups) need to be monitored
as part of the process in case of change.

This commit changes the way we compute the cache key to include all of the
attributes sent as part of the authentication request. That way, if we
change any user attributes we'll upsert the user information.

Make sure all data is sent to API to be able to select correct archive version.

The live website points to a github URL that no longer exists.

* Chore: Upgrade typescript to version 3.5

* docs: team sync

* docs: update team sync with regards to auth proxy

* Add a footnote on server-side session cache

* Docs: minor edits.

SAML Authentication is an Enterprise only feature. This change enables
the SAML login button to only be shown on enterprise.

Allow non admins to see plugins list but only with readme. Any config tabs are hidden from the plugin page. Also plugin panel does not show action buttons (like Enable) for non admins.

This changes trigger-docs-update job so that the docs build goes to production.

There is no additional risk to push a broken site in production. The docs build process is to publish to staging, then wait for a manual approval before publishing to prod.

Closes #18170
Closes #18178

* Build: fix use of env vars in parentheses execs

* Build: disable shellcheck rule SC2086 for a file

Follow up for 4b16cd6c

Fixes #18158

This reverts commit 0752a09f.

* Timerange: Fixes a bug where custom timeranges didn't respect UTC
Closes #18170
Closes #18178

* LDAP: improve POSIX support

* Correctly abtain DN attributes result

* Allow more flexibility with comparison mapping between POSIX group & user

* Add devenv for POSIX LDAP server

* Correct the docs

Fixes #18140