  1. Couchbase Server
  2. MB-63208

GetUserBuckets change for SAML


Details

    • Untriaged
    • 0
    • Unknown

    Description

      Summary:
      See MB-62604 for details.
      A SAML authenticated user's information is not fully captured by the user name and domain (contained in cb-on-behalf-of header). To fix this, I've added an additional cb-on-behalf-extras header containing additional authentication context.

      If the service uses AuthWebCreds and functions in the Creds interface, nothing needs to be changed.

      But Query also uses GetUserBuckets(string user, string domain), which does not belong to the Creds interface and is missing the additional context that is needed.
      I've added a new function GetBuckets() to the Creds interface.

      Query uses GetUserBuckets in two ways:
      (1) GetUserBuckets on <Creds obj>.User().
      Creds.User() remains unchanged and returns only the username and domain.
      In those places, please use <Creds obj>.GetBuckets() instead.
      Creds.GetBuckets() will automatically pass fields that are needed to be able to query user buckets (username, domain and the newly added context to Creds).
      I've tested this using:
      https://review.couchbase.org/c/query/+/214616
      and it works.

      (2) GetUserBuckets passing username and domain.
      I think this is only used in serverless. I'm retaining this function for now but would like to remove it if possible.
      If GetUserBuckets(username, domain) continues to be used, note that the credentials may be incomplete (as in MB-62604). But if this is used only for serverless, we probably don't need to be concerned for 7.6.3.

      Also, if you do forward cb-on-behalf-of requests to other services, please make sure that the auth headers (cb-on-behalf-of and cb-on-behalf-extras) are retained while forwarding. Both are needed for ns_server to determine privileges for a user (user, domain in cb-on-behalf-of header and context in cb-on-behalf-extras).
      I think this is already the case but haven't confirmed.
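
The forwarding requirement above can be covered by a regression check in the forwarding service. The following is an added example, not code from Couchbase or from the change under review: the function names are hypothetical, the header values are constructed placeholders (the issue does not give their format), and only the two header names come from the issue text.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// The two auth headers named in the issue; both must survive forwarding.
var onBehalfHeaders = []string{"cb-on-behalf-of", "cb-on-behalf-extras"}

// copyOnBehalf (hypothetical helper) carries both headers from the inbound
// request to the outbound one, replacing any value already set there.
func copyOnBehalf(in, out *http.Request) {
	for _, h := range onBehalfHeaders {
		out.Header.Del(h)
		for _, v := range in.Header.Values(h) {
			out.Header.Add(h, v)
		}
	}
}

// droppedOnBehalf lists headers that were present inbound but did not reach
// the downstream service with the same value.
func droppedOnBehalf(in, out http.Header) []string {
	var dropped []string
	for _, h := range onBehalfHeaders {
		if in.Get(h) != "" && in.Get(h) != out.Get(h) {
			dropped = append(dropped, h)
		}
	}
	return dropped
}

// forwardOnce hands a freshly built outbound request to a stub downstream
// handler and reports which on-behalf headers were lost on the way.
func forwardOnce(retain bool) []string {
	var seen http.Header
	downstream := http.HandlerFunc(func(_ http.ResponseWriter, r *http.Request) { seen = r.Header })
	in := httptest.NewRequest("GET", "/constructed", nil)
	in.Header.Set("cb-on-behalf-of", "PLACEHOLDER-user-and-domain") // constructed
	in.Header.Set("cb-on-behalf-extras", "PLACEHOLDER-context")     // constructed
	out := httptest.NewRequest("GET", "/constructed", nil)
	if retain {
		copyOnBehalf(in, out)
	}
	downstream.ServeHTTP(httptest.NewRecorder(), out)
	return droppedOnBehalf(in.Header, seen)
}

func main() {
	fmt.Println("dropped without/with retention:", forwardOnce(false), forwardOnce(true))
}
```

A forwarder that builds a new outbound request starts with empty headers, so the check reports both names unless the copy step runs.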

          People

            ajay.bhullar Ajay Bhullar
            neelima.premsankar Neelima Premsankar
