Allow the login screen to be scoped to an organisation

[tuzz]

As per the Change Proposal and the Data Model, allow the profile application's login screen to be scoped to an organisation, e.g. by passing ?organisation=<uuid> in the URL. In order to log in via this page, the user's credentials must correspond to a user that has a role assignment associated with that organisation in the database. We may also want to consider preventing users who only have a single role within an organisation from logging in on a page that isn't scoped to the organisation, although this might be overkill.

We might want to consider showing a custom logo, title, text, etc. on the scoped login page. These values could be read out of the organisations table in the database. We'd need to check with product regarding this requirement.

We might want to consider making it so that users who sign up through this scoped login page will automatically receive a role assignment associated with the organisation. We'd need to check with product regarding this requirement.