Add authentication via devise

[murny]

This is the first of a few PRs to help replace the basic authentication we have for CMS Admin (more info here #551)

In this PR we added specifically:

• Devise which is a popular ruby gem for managing authentication for users stored in the database.
• Admin table which will hold the users data
• Configuration and setup of Devise
  • we removed "Registerable" concern as we don't want users to "Sign up" new accounts
  • we added the "Trackable" concern as we want to have some extra metadata on user sign ins
  • Everything else is pretty much the default configuration of Devise

Here is a quick overview of what this gave us:

When you first go to http://localhost:3000/admin to view the Admin area of the CMS you will get booted to the login screen:

You can login via the user we created in the seeds, on this form use the email: "[email protected]" and password: "password" and hit the login button.

You will now be redirected to the Admin CMS dashboard:

That's it. This replaces the Basic auth flow, and we now have personalized Admin accounts in the database which people can log into the Admin CMS.

Some improvements could be:

• Fix broken tests, switch from my basic auth helper to devise test helper and update tests
• Add more tests for admin model and critical sign in flow (if needed)
• Style the login page better (might need some margin/padding on the top of the form, etc)
• Style the flash messages for successfully signing in
• Handle error state in the sign in form (I assume we not rendering flash messages here in our application layout)
• add ability to logout (I have added this in Add admin crud UI #626 )
• Devise includes a "forget password?/reset passwords" workflow. This does work. However, will probably need some configuration in Production as we need to be able to send emails. Also the views for these forms will need some love just like the sign-in form (padding/margin, styling of error messages/flashes etc).

Future work:

• Bring in Omniauth and Omniauth Saml gems to be able to use Ualberta Login (there should be plenty of guides for adding Omniauth in Devise (e.g https://github.com/heartcombo/devise/wiki/OmniAuth:-Overview) and for Ualberta Login can refer to how we did it in Jupiter (will need to share SAML metadata with IST).
• Provide a way to provision admins easier? Ability to invite admins perhaps (maybe https://github.com/scambra/devise_invitable?)? (Add admin crud UI #626 adds a simple CRUD for creating new users, but we require something better. Devise has a bunch of plugins/guides for how to invite users. Perhaps with Ualberta Login we may have to think with how inviting users might work as well)

[murny]

Started to encounter some weird issues with installing mysql gem in this repo. Not sure if this is required anymore?

[murny]

This will need to be updated to something real (I added a note in the PR description for needing to setup emails in production)

[murny]

This is for making root_url and helpers work in comfy mexican sofa. Devise will often use root_url for various things.

[murny]

Not a bad idea to add some tests here and maybe some higher level tests to test the Sign up flows/etc.

We will have to address the failing tests as well in this PR as I have switch away from Basic Auth to Devise and will need to update the failing tests to use the devise sign in test helpers.