It'd be great if an admin can "login-as" a user and experience the app as they see it without needing their password. Until we have that, our tech teams will often be asking supervisors for their CHP's passwords which will defeat the point.
I think I asked for ~20-30 users' passwords today.
Is your feature request related to a problem? Please describe.
Proposed by @kennsippell on Slack
When troubleshooting, it is often useful/necessary for admins to be able to use the app as the user experiencing the issue.
Describe the solution you'd like
Admin users should have the ability to "login" to the app as any other user without needing to know that user's password.
From a practical perspective, I am hoping that supporting this functionality will be simplified by the current ongoing work to support SSO auth. As a part of that effort, we are trying to simplify the auth process and completely separate the api>couch communication from the actual user authentication. I think once we have done that, it should be reasonably simple to support user impersonation....
Describe alternatives you've considered
Currently, admins need the user's username/password in order to login. This results in user credentials being communicated (perhaps insecurely) and increases the chances of them being accidentally exposed. We have done a ton of work in #9547 to allow the user to reset their password after the first login and this is largely defeated if they have to turn around and send their new password back to the admin anytime they have trouble with something....
The current approach of providing the username/password to the admin also does not work for the token_login flow. In that case, an admin has to actually change the user's password in order to be able to login. This causes the user to be logged out on their device and they will require another token login link to be able to access the app again.