admin API: add user to existing group

[redshiftzero]

This should be a new API endpoint in https://github.com/redshiftzero/securedrop/tree/signal-proto that allows admins only to add a new user to an existing group.

Since sources cannot be admins, this endpoint only needs to be added to the journalist/admin v2 API endpoint. For a similar endpoint, see here.

To close this issue, there should be a new API endpoint, and either a test or an addition to a new client code admin.py in this repository that exercises the endpoint.

The logic should be as follows:

1. Execute AuthAsGroupMember operation (done in the auth_as_group_member() function).
2. (client) Encrypt new user’s UID to create UidCiphertext using GroupSecretParams.
3. Send to server with the desired role (is_admin or not).
4. Server verifies the authenticated user’s Role (selected using the UidCiphertext from the provided AuthCredentialPresentation) lets them add users.
5. Server checks the new UidCiphertext is not already in the group. If it is, and it changes the role, we make that change. Else, the server adds the user to the group.