Limit external user rights on NOMAD Oasis
Currently we have three options for restricting external access to a NOMAD Oasis installation (technically, 1. and 2. can be combined for even more restriction):
- Host the Oasis behind a firewall so that only users with network access can reach the Oasis,
- Set `oasis.allowed_users` in the Oasis config to require users to log in before they can access the Oasis, and then allow access only for the whitelisted users. If a user is not logged in, they are served the following page:
and if they log in but are not on the whitelist, they get the following page:
- (No restriction) Having the Oasis completely open to the internet and allowing anyone registered on the Keycloak to create uploads and use the NORTH tools.
I believe that we need a third option that sits between option 2. and 3. which would let users who are not logged in and not on the whitelist still access the Oasis and view the published uploads. Technically, this would mean that logged-in users not on the whitelist should be treated as not logged in by all the API endpoints.
This would allow institutions and labs running a NOMAD Oasis to publish and share data using custom plugins but not risk misuse of their storage and compute resources.
In practice this could be a boolean config `oasis.require_login` that, if set to true and combined with `oasis.allowed_users`, gives the current option 2. behavior. But when set to false (which should be the default value) and combined with `oasis.allowed_users`, it would give the new behavior.
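As an added illustration of the proposed semantics (example code, not NOMAD's own implementation; the config field names and the `resolve_access` / `may_create_upload` helpers are assumptions), this sketch shows how an endpoint guard would map the three modes onto an "effective user": whitelisted users keep their identity, and with `require_login` false a non-whitelisted login is downgraded to anonymous rather than rejected.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class OasisConfig:
    # None means no whitelist at all (option 3: open Oasis).
    allowed_users: Optional[list] = None
    # Proposed flag: True reproduces the current option 2. behaviour.
    require_login: bool = False


@dataclass
class AccessDecision:
    allowed: bool                  # may the request proceed at all?
    effective_user: Optional[str]  # None -> treated as anonymous
    reason: str


def resolve_access(config: OasisConfig, user: Optional[str]) -> AccessDecision:
    """Decide how an API endpoint should see the caller.

    `user` is the Keycloak username, or None when not logged in.
    """
    on_whitelist = config.allowed_users is None or user in config.allowed_users
    if user is not None and on_whitelist:
        return AccessDecision(True, user, "logged in and whitelisted")
    if config.require_login:
        # Current option 2.: no login, or a login outside the whitelist, is rejected.
        why = "login required" if user is None else "not on allowed_users"
        return AccessDecision(False, None, why)
    # Proposed default: anyone may read published data, but a login that is not
    # whitelisted is downgraded to anonymous so it cannot use storage or compute.
    why = "anonymous" if user is None else "not whitelisted, treated as anonymous"
    return AccessDecision(True, None, why)


def may_create_upload(config: OasisConfig, user: Optional[str]) -> bool:
    """Write endpoints (uploads, NORTH tools) need a real effective user."""
    return resolve_access(config, user).effective_user is not None
```

Read-only endpoints would only check `allowed`, while upload and NORTH endpoints would additionally require a non-None `effective_user`.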