fix(oidc): add override option for JWKS URI

[Den4200]

Description

This PR makes it so that admins can override the JWKS URI that is specified in the OIDC well-known configuration via an environment variable or config.

Related Issue

• Fixes Microsoft Entra ID access token verification fails #2677

Motivation and Context

Microsoft Entra ID is currently incompatible with OpenCloud, as their v2 issuer returns a v1 token for the MS Graph API that is signed by their v1 JWKS instead of their v2 JWKS that is referenced in their well-known configuration. See the linked issue above for more details. This fix will allow Microsoft Entra ID to be used with OpenCloud.

How Has This Been Tested?

• test environment: Locally hosted and configured with Microsoft Entra ID for OIDC
• test case: Overrided JWKS URI to test successful access token verification

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to change)
• Technical debt
• Tests only (no source changes)

Checklist:

• Code changes
• Unit tests added
• Acceptance tests added
• Documentation added

[sonarqubecloud]

Quality Gate failed

Failed conditions
B Maintainability Rating on New Code (required ≥ A)

See analysis details on SonarQube Cloud

Catch issues before they fail your Quality Gate with our IDE extension SonarQube for IDE

[micbar]

@rhafer Do you have an opinion?

IMHO this doesn't do any damage.