Extension:CentralAuth/Shadow users

A longstanding issue with Extension:CentralAuth is the automatic creation of local user accounts when visiting a wiki for the first time with a global session open.

There are privacy issues with the automatic logging (as well as exposure of that info through other means), hence the long drama on 19161, and the split-out 28227 covering the issue of dealing with the lack of the logging being a potential issue for local administrators on the watch for evil usernames.

Some of these issues could mostly go away if we could remove the requirement to create a local 'user' table entry, or at least if we could delay it until some action required it.

User objects can already exist and do active stuff without an assigned id; we use them for anonymous users, where they carry an IPv4 or IPv6 address as the username but have no id.

Things that may need changing:
 * conflation of having an id and being 'logged in': $user->isLoggedIn & $user->isAnon just check the id; some other callers may be doing the same check explicitly and will need to be updated
 * auth stuff might be making id-based assumptions; check if CentralAuth requires live IDs for attachment info or if we can get away with an alternate
 * may need an on-demand way of getting a user saved to the local db when it does become time to use it: when asking for the ID number would seem reasonable, but there's likely many times where this gets asked in a viewing situation. Do we need an explicit save ping? Core and extensions would need updating to use it if so.