Migrate dokuwiki away from Keycloak

[e1mo]

Migrating away from Keycloak is, from a technical point of view, quite easy:

1. Ensure users have valid E-Mail addresses in the Keycloak.
2. Remove plugin.oauth.singleService. Users can now login with both Keycloak and plain auth and set a password for their plainauth user.
3. After some time set authtype = "authplain" and remove/disable the oauth and oauthkeycloak plugin. Users which did not set a password in the previous step can trigger a password reset.

However, we somehow need to handle registrations for the Dokuwiki. Just leaving them open will (and did in the past) invite spam bots. Thus we need to decide with which (combination) of these options we want to take:

• manual approval for write access (Add @confirmed ACL with ACL of upload or delete, no extra permissions @user)
• Plugins like preregister, optionally with captcha (especially their honeypot support). However, accessibility is a concern.

What do we want to do in the end?

[dasPolygon]

we think manually approving users might actually be the best option.
We also can imagine feeling responsible for this.