Allow self-management of user assignments by PI/manager to own project #11
Description
The ColdFront API already supports authentication via OAuth (NERC Keycloak), so it can work with a user's own account.
In the current state of our API, only administrators can manage user/group memberships (staff flag in ColdFront,) and the user registration script supports authentication only using client credentials.
We should allow PIs and managers to issue API requests with their OAuth token to manage a project are PI or have the manager role on.
(Optionally, Investigate) Another advantage for implementing assignment of users to a project through the SCIM v2 API is to also to allow the possibility of universities to integrate their own tooling into the SCIM API. There is a myriad of tools already providing support for provisioning of users and group memberships into a SCIM API as listed here http://simplecloud.info and I would bet that a lot of the university and partner organizations are already making use of SCIM already for provisioning Google Workspace, Office 365, etc.