add OIDC / OAuth2 to swagger UI

Configure the OAuth2 swagger UI feature. Causes an Authorize button to appear, pre-configured with PKCS, IdP URLs and public client ID.

When redirect URI is configured correctly, login already works. Apparently, as the OAuth2 token verification is currently implemented custom and not with fastapi.security, the swagger UI does not know which endpoints are protected and need an Authorization header, so it does not inject them into the requests issued from Swagger UI.

Add a simple OIDC discovery function retrieving the authorization and token endpoints from .well-known/openid-configuration.