Clean up registrar console login flow

Replaced the plethora of inter winding access functions and inputs in SessionUtils with just 2 functions, that both accept the same type for the user (AuthResult):

guessRegistrarForUser: given an AuthResult, finds a registrar that they have access to. If none is found - a ForbiddenException is thrown.

getRegistrarForUser[Cached]: (maybe should be called getRegistrarOnBehalfOfUser?) given an AuthResult and a clientId, loads and returns the registrar ONLY IF the user has access to it. Otherwise throws a ForbiddenException.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=214630657

javatests/google/registry/ui/server/registrar/SecuritySettingsTest.java

@@ -24,7 +24,6 @@ import static google.registry.testing.DatastoreHelper.loadRegistrar;
 import static google.registry.testing.DatastoreHelper.persistResource;
 import static google.registry.util.DateTimeUtils.START_OF_TIME;
 import static java.util.Arrays.asList;
-import static org.mockito.Mockito.when;
 
 import com.google.common.collect.ImmutableMap;
 import google.registry.model.registrar.Registrar;
@@ -112,8 +111,6 @@ public class SecuritySettingsTest extends RegistrarSettingsActionTestCase {
                 .setClientCertificate(SAMPLE_CERT, START_OF_TIME)
                 .setFailoverClientCertificate(SAMPLE_CERT2, START_OF_TIME)
                 .build());
-    when(sessionUtils.getRegistrarForAuthResult(req, action.authResult))
-        .thenReturn(initialRegistrar);
     Map<String, Object> jsonMap = initialRegistrar.toJsonMap();
     jsonMap.put("clientCertificate", null);
     jsonMap.put("failoverClientCertificate", "");