API access with client credentials (core functionality) (#16817)

* First stab

* Delivery API client credentials + a little refactor to ensure unique client IDs

* Introduce user type

* Support user type in the Management API

* Clean up TODOs

* Update API user last login date when issuing a token

* Better error reporting for mismatched user types

* Do not allow password change or reset for API users

* Update OpenApi.json

* Revert change

* Remove obsolete comment

* Make applicable classes abstract or sealed

* Review changes

* Add endpoint for retrieving all user client IDs

src/Umbraco.Web.Common/Security/BackOfficeUserManager.cs

@@ -298,7 +298,8 @@ public class BackOfficeUserManager : UmbracoUserManager<BackOfficeIdentityUser,
             createModel.Email,
             _globalSettings.DefaultUILanguage,
             createModel.Name,
-            createModel.Id);
+            createModel.Id,
+            createModel.Type);
 
         IdentityResult created = await CreateAsync(identityUser);