Add the minimum amount of functionality to make Prometheus multi-user

@juliusv said he could whip something up in an afternoon that will be useful to people.

/cc @JobV @bjk-gitlab

While multi-user Prometheus is interesting, I think we should stick to single-user for now.

When it comes to multi-tenancy issues, my view is that the industry is moving towards application namespaces. Kubernetes and cloud service systems are the "integration point" for multi-tenancy issues.

Prometheus is per application, not per user.

Per user is still a problem. Maybe want OAuth that ties back to GitLab. But no need to make it Prometheus specific. Can use GitLab OAuth provider to give yes/no access. Can go fancier and build ACL. Just do yes/no for people doing ad hoc queries. Just http proxy.

But should not use Prometheus for most reads. Reads happen with graphs in GitLab. And Grafana.

We will need support for user/group restrictions in oauth2_proxy.

Ben doesn't think it should be a priority. Make it usable first, then when people need it locked down do that. I agree.