VOMS users in multiple tenants

Created by: enolfc

VOMS users are supposed to be included in a single tenant corresponding to the VO of the proxy Current implementation adds tenants to users as they authenticate so when using a unscoped token, Keystone will return as many tenants as VOs the user belongs to and has tried to authenticate to.