[FEATURE] Introduce a ThirdParty GenericOIDC implementation.

[ghstahl]

#1320

Description

Expanding third party IDPs to have a Generic OIDC configuration.
Currently google, github, and apple are hard coded and the only external connection.

Tested against google and azureAD-enterprise.

Implementation

Copied the google thrid party implementation.
This all still uses the Hanko OAuth2 workflow. OIDC is just a highlevel wrapper of OAuth2,

The big difference.

1. Use the OIDC discovery to get all the needed urls (tokenendpoint, userinfo, etc)
2. Allow scopes to be configured. These external OAuth2 idps can require different ones. i.e. AzureAD
3. Start thinking about putting more data into the ThirdParty configs.
   Metadata: map[string]string, used primarily by the frontend as a way to have an open ended configuration attached to the IDP.
   ImageRef: where to pull the logo from.
   DisplayName: The current usage of using the lookup key as the display name should be expanded.
   etc.

Example Config for the third party.

third_party:
  redirect_url: http://localhost:8000/thirdparty/callback
  error_redirect_url: http://localhost:8888
  allowed_redirect_urls:
    - http://localhost:8888**
    - http://localhost:3000**
  providers:
    google:
      enabled: true
      client_id: 1096301616546-edbl612881t7rkpljp3qa3juminskulo.apps.googleusercontent.com
      secret: GOC**[REDACTED]**
    github:
      enabled: true
      client_id: e489eb4f05e9f247d8ad
      secret: 1bb**[REDACTED]**
  generic_oidc_providers:
    google_oidc:
      authority: https://accounts.google.com
      #display_name: Google(Generic OIDC Provider)
      enabled: true
      client_id: 1096301616546-edbl612881t7rkpljp3qa3juminskulo.apps.googleusercontent.com
      secret: GOC**[REDACTED]**
      scopes: "openid profile email"
      require_provider_email_verification: true
    mapped_staff_oidc:
      authority: https://login.microsoftonline.com/590**[REDACTED]**/v2.0
      #display_name: Mapped Staff (Generic OIDC Provider)
      enabled: true
      client_id: 3b918868-9bff-431f-bd9c-f9896d628e6b
      secret: hU4**[REDACTED]**
      scopes: "openid profile email User.Read"
      require_provider_email_verification: false
      hidden: true
      metadata:
        a: "b"
        c: "d"

Tests

Manually tested against google and azureAD.

Todos

This is more of a UI frontend thing, but idp lookup keys and display names are different.
The /.well-known/config needs to return more information about the IDP. i.e. the lookup key, displayName, metadata, etc.

Additional context

[ghstahl]

Testing with Microsoft Social

    microsoft_social:
      authority: https://login.microsoftonline.com/9188040d-6c67-4c5b-b112-36a304b66dad/v2.0
      display_name: Microsoft Social
      enabled: true
      client_id: 0f81aa6c-b280-4503-b130-adc0567bfbe4
      secret: gN~***[REDACTED]***
      scopes: "openid profile email User.Read"
      require_provider_email_verification: false
      hidden: false
      metadata:
        a: "b"
        c: "d"

[lfleischmann]

Implemented with #1984