auth2: Don't use session for passing multiuse invite key.

For Google auth, the multiuse invite key should be stored in the
csrf_state sent to Google along with other values like is_signup and
mobile_flow_otp.

For social auth, the multiuse invite key should be passed as params to
the social-auth backend. The passing of the key is handled by
social_auth pipeline and made available to us when the auth is
completed.
Vishnu Ks
2019-02-08 16:09:25 +00:00
committed by Tim Abbott
parent 179b747769
commit 868a763cec
7 changed files with 211 additions and 34 deletions


@@ -635,7 +635,7 @@ def social_auth_finish(backend: Any,
is_signup = strategy.session_get('is_signup') == '1'
redirect_to = strategy.session_get('next')
realm = Realm.objects.get(id=return_data["realm_id"])
multiuse_object_key = strategy.session_get('multiuse_object_key', '')
mobile_flow_otp = strategy.session_get('mobile_flow_otp')
if mobile_flow_otp is not None:
return login_or_register_remote_user(strategy.request, email_address,
@@ -646,7 +646,8 @@ def social_auth_finish(backend: Any,
redirect_to=redirect_to)
return redirect_and_log_into_subdomain(realm, full_name, email_address,
is_signup=is_signup,
redirect_to=redirect_to)
redirect_to=redirect_to,
multiuse_object_key=multiuse_object_key)
class SocialAuthMixin(ZulipAuthMixin):
auth_backend_name = "undeclared"
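Review bot: The `multiuse_object_key` read near the top of `social_auth_finish` is forwarded only on the `redirect_and_log_into_subdomain` path; the `mobile_flow_otp` branch returns through `login_or_register_remote_user`, and since the arguments between the two hunks are untouched by this commit it presumably drops the key. If that is intentional, say so at the branch, e.g. `# Invite keys are not honoured in the mobile flow.`. Per the commit description the value arrives as a request parameter, so it is client-controlled, and nothing visible here checks it against `realm`. I would add `# Client-supplied invite key; not validated here, the consumer must check it belongs to this realm.` above the `session_get` line and confirm that the consumer really performs that check. Also note that the `''` default applies only when the key is absent, so a stored `None` would be passed through as `None`. The function body starts and continues outside the visible hunks.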