[Federation] Workbench login chooser
If cluster B is configured to permit it, federated login allows an account on cluster A to use Workbench at cluster B. In that case, Workbench B should give an unauthenticated visitor the option to log in via cluster A.
An unauthenticated visitor to Workbench B is offered a "log in" button that initiates the login procedure for cluster B. If a cluster A user clicks it, they end up creating a new cluster B account, instead of using their existing cluster A account. After #11454 they can work around this by visiting Workbench A first and following a link from the multisite search page to Workbench B, but this is not obvious or convenient.
On a cluster with remote_hosts_via_dns enabled, the login button should come with a text box where the user can type a 5-letter cluster prefix.
On a cluster with specific remote_hosts defined, the login button should come with a selector widget so the user can choose one of the defined remotes.
If both configs are enabled, both widgets should be offered. If a user types an ID listed in remote_hosts, remote_hosts has precedence over remote_hosts_via_dns. Matching is case-insensitive.
If configured for a special "home" cluster, always redirect to the login endpoint of the "home" cluster, user will still be (eventually) returned to "remote" workbench. "Home" API server needs to know to send a salted token back to the remote workbench. This should also imply honoring the "is_active" flag.
Optional: Use LocalStorage to remember which cluster was chosen, and make that the default next time.
Visual/interactivity specifics. Note there is a big dialog-like login box, plus a login button in the top nav.