Some identity providers (auth0 for example) do not allow to set the
groups claims and administrators must use custom claims names and add
them in the id token.
This commit adds the following configuration options:
- `oidc.groups_claim` to set the groups claim name
- `oidc.email_claim` to set the email claim name
All claims default to the previous values for backwards compatibility.
The groups claim can now also accept `[]string` or `string` as some
providers might return only a string response instead of array.
Currently the most "secret" way to specify the oidc client secret is via
an environment variable `OIDC_CLIENT_SECRET`, which is problematic[1].
Lets allow reading oidc client secret from a file. For extra convenience
the path to the secret will resolve the environment variables.
[1]: https://systemd.io/CREDENTIALS/