backends: Implementation of restricting certain backends by plan.

Only affects zulipchat, by being based on the BILLING_ENABLED setting.

The restricted backends in this commit are
- AzureAD - restricted to Standard plan
- SAML - restricted to Plus plan, although it was already practically
  restricted due to requiring server-side configuration to be done by us

This restriction is placed upon **enabling** a backend - so
organizations that already have a backend enabled will continue to be
able to use it. This allows us to make exceptions and enable a backend
for an org manually via the shell, and to grandfather organizations into
keeping the backend they have been relying on.
Mateusz Mandera
2024-02-05 23:52:25 +01:00
committed by Tim Abbott
parent fdbdf8c620
commit da9e4e6e54
19 changed files with 538 additions and 38 deletions

@@ -711,13 +711,12 @@ class Realm(models.Model): # type: ignore[django-manager-missing] # django-stub
on the server, this will not return an entry for "Email")."""
# This mapping needs to be imported from here due to the cyclic
# dependency.
from zproject.backends import AUTH_BACKEND_NAME_MAP, all_implemented_backend_names
from zproject.backends import AUTH_BACKEND_NAME_MAP
ret: Dict[str, bool] = {}
supported_backends = [type(backend) for backend in supported_auth_backends()]
for backend_name in all_implemented_backend_names():
backend_class = AUTH_BACKEND_NAME_MAP[backend_name]
for backend_name, backend_class in AUTH_BACKEND_NAME_MAP.items():
if backend_class in supported_backends:
ret[backend_name] = False
for realm_authentication_method in RealmAuthenticationMethod.objects.filter(
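Review bot: The loop that now iterates `AUTH_BACKEND_NAME_MAP.items()` takes its set of names straight from the map instead of from `all_implemented_backend_names()`, so the returned dict only stays the same if that helper did nothing more than list the map's keys. Please confirm that equivalence in the commit message or a short comment, since this dict decides which authentication methods a realm reports as available and a silently added or dropped key would change that. If the helper is now unused elsewhere, remove it in the same change. As a smaller point, `supported_backends` is a list that is probed with `in` once per map entry; building it as a set would make the membership test's intent clearer.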