Closed sleidig closed 2 years ago
The call to the external URL is used to verify the JWT token against the realm and client which issued the token. If we would want to verify the token without Keycloak, we would need access to the public key of each realm because of the multi-tenant setup. This approach seemed easier to me as there is no high throughput expected.
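The local alternative discussed in this reply, as an added example that is not the account-backend's own code: each realm's public key is held in a map, the realm is taken from the token's `iss` claim, and the RS256 signature is checked with Node's built-in `crypto`, so no request to Keycloak is needed per token. The key pairs and the issuer prefix `https://auth.example/realms/` are constructed stand-ins; `issueToken` only exists here to mint test tokens in place of Keycloak.

```typescript
import * as crypto from "node:crypto";

// Constructed stand-ins for each Keycloak realm's RS256 signing key pair.
// Assumption: a real deployment would fetch and cache only the public key per realm.
const realmPrivateKeys = new Map<string, crypto.KeyObject>();
const realmPublicKeys = new Map<string, crypto.KeyObject>();
for (const realm of ["school-a", "school-b"]) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
  realmPrivateKeys.set(realm, privateKey);
  realmPublicKeys.set(realm, publicKey);
}

export const ISSUER_BASE = "https://auth.example/realms/"; // constructed issuer prefix
const b64url = (s: string | Buffer) => (typeof s === "string" ? Buffer.from(s) : s).toString("base64url");

// Test-side issuer standing in for Keycloak; `claims.iss` may override the default issuer.
export function issueToken(signingRealm: string, claims: Record<string, unknown>): string {
  const header = b64url(JSON.stringify({ alg: "RS256", typ: "JWT" }));
  const payload = b64url(JSON.stringify({ iss: ISSUER_BASE + signingRealm, ...claims }));
  const sig = crypto.sign("RSA-SHA256", Buffer.from(`${header}.${payload}`), realmPrivateKeys.get(signingRealm)!);
  return `${header}.${payload}.${b64url(sig)}`;
}

// Local verification: no round trip to Keycloak, only the cached public key of the token's realm.
export function verifyLocally(token: string, now = Math.floor(Date.now() / 1000)): Record<string, unknown> | null {
  const parts = token.split(".");
  if (parts.length !== 3) return null;
  const [h, p, s] = parts;
  let header: any;
  let payload: any;
  try {
    header = JSON.parse(Buffer.from(h, "base64url").toString());
    payload = JSON.parse(Buffer.from(p, "base64url").toString());
  } catch {
    return null;
  }
  // Pin the algorithm instead of trusting whatever the token header claims.
  if (header.alg !== "RS256") return null;
  // Multi-tenant: pick the key from the realm named in `iss`; an unknown realm is rejected.
  const realm = typeof payload.iss === "string" && payload.iss.startsWith(ISSUER_BASE)
    ? payload.iss.slice(ISSUER_BASE.length) : undefined;
  const key = realm ? realmPublicKeys.get(realm) : undefined;
  if (!key) return null;
  if (!crypto.verify("RSA-SHA256", Buffer.from(`${h}.${p}`), key, Buffer.from(s, "base64url"))) return null;
  // Expiry check; a real strategy would also check the client (`aud`/`azp`) as the remote call does.
  if (typeof payload.exp !== "number" || payload.exp <= now) return null;
  return payload;
}
```

The trade-off is exactly the one named above: the verifier must know every realm's key (and refresh it on rotation), in exchange for not depending on Keycloak's availability for each request.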
[x] update README with actual description
[x] and do we track any code quality metrics for this project as well?
[x] add GPL licence? (or should we rather use AGPL actually?)
[x] add (short) code comments to classes? e.g. it's not completely clear to me what Admin Controller is administrating - and why it is grouped under auth
[x] add code comments / annotations to DTOs and endpoints for swagger docs?
[x] `main.ts`: `// TODO restrict these cors settings, maybe through config ?`
https://github.com/Aam-Digital/account-backend/blob/7700b237a0429132a8918b3e6b9601ebc3b764b7/src/auth/bearer/bearer.strategy.ts#L15-L28 is the call to the external URL really necessary? Isn't JWT designed to be validated locally without requiring state/interaction from the authority issuing the token?
https://github.com/Aam-Digital/account-backend/blob/7700b237a0429132a8918b3e6b9601ebc3b764b7/src/account/account/account.controller.ts#L27