When a user clicks on an Omniauth login icon (e.g. Google), Rails will
translate a `link_to` URL from a GET to a POST form submission via
JavaScript. However, if JavaScript is disabled or not loaded before the
page loads, this will cause a GET request to go to the login provider
instead of POST, resulting in a 404.

To avoid this, we use `button_to` instead of `link_to`. `button_to` will
set a form submission with a POST request without JavaScript.

Closes #28904