Merge all configuration

[DiamondJoseph]

Parked while I return to DLS work.

• Authenticator, AccessPolicy, Tree deserialization modified to behave like a discriminated union
• Impls of AccessPolicy directly extend it for type checking purposes
• Authentication top level of config merged into Settings object
• Tree -> Trees in Settings object* [not sure about this- presumably there is a MapAdapter type that can hold a list of MapAdapters and be a root Tree instead?]
• Authenticator.providers + Authenticator -> Authenticators in Settings object (until can reduce down to 1)
• AccessPolicy on root of Settings documented* [not sure about this- re: Tree above, if root Tree object can put access policy on that]
• AccessPolicy for individual trees moved out of MapAdapter object* [not sure about this- do we need on MapAdapter? Or just pass in the Tree + AccessPolicy + Path into functions that check access]

Checklist

• Add a Changelog entry
• Add the ticket number which this PR closes to the comment section

[DiamondJoseph]

todo: move MapAdapter into Settings

[DiamondJoseph]

This needs to be fully qualified now

[DiamondJoseph]

This needs to be fully qualified now
Find and replace type: catalog

[DiamondJoseph]

Pass tree into Settings

[DiamondJoseph]

todo: Can AccessPolicy impls be made BaseModels, like Authenticators are? To ensure deserialization behaves

[DiamondJoseph]

Is "direct" another word like Authentication that needs to be excised?

[DiamondJoseph]

todo: Make this a validator for the class- currently only distinguishes the case where secret_keys has been explicitly set as an empty list or database uri has been explicitly set to blank, we need to check that those keys have been explicitly set at all.

[danielballan]

We anticipate that access_control become a server-wide singleton, like authentication, instead of a setting applied separately to each tree. #951