feature: optionally only allow login via SSO

I think it would be useful to have a way to disable password-based and passkey-based logins entirely, hiding all related functionality from the UI, and only allowing login and registration via the configured SSO method(s).

I believe that would be very useful for organizations managing Tranquil PDS via their own Single-Sign On, as it would both keep things simple for their users (by reducing UI complexity) and for the organizations themselves (by reducing attack surface and having a central place to manage authentication from).

I don't have an in-depth knowledge of ATProto at the moment, so I don't know if direct password authentication is required anywhere; maybe app passwords could be used in those places instead?