Add admin panel option to enable/disable SSO only mode

[e-five256]

This add a new admin panel option to enable/disable SSO only mode, which was previously only able to be done via modifying the .env file

Because it already exists as an environment var, we should be able to use it to populate the value in the settings DTO safely (this differs from previous settings where I've said we trend away from declaring new env vars, everyone should already have this one even if it's just SSO_ONLY_MODE=)

So the hope is for those that run with SSO_ONLY_MODE=true, this should populate to the DB correctly and already default to true

~(This doesn't seem to be working currently, the code reads like it should default to the env var, and sometimes I'll have the DB setting put into my DB, but other times I don't. I have yet to see it enter the DB as true, so that makes this risky for people running with SSO only mode currently enabled. Not sure if there's a great way out of this situation, maybe a migration that automatically inserts it to the settings table if that's possible)~

It does seem to work, but it feels kind of flaky. Right now I don't have the setting in my DB, rebuilt as SSO_ONLY_MODE=true in .env, and it correctly shows the admin panel as checked. So I think it is working, but maybe is worth noting for people that it's worth double checking the setting was saved if this change is pulled in

---

This is partly being done as I believe admins should be able to run their instance from the UI, of course, but also to make it easier to grab this setting as I need it in multiple components for #706 as I started to run into the limit of what I could do with SASS doing things like has child/sibling selectors based on whether a form appears on the page at all, it'd be easier to just only add things based on whether the site is in SSO only or not