Clinical-Genomics / streamline-delivery

Project tracking for streamline-delivery

Add `/auth` endpoint to trailblazer #58

Closed seallard closed 8 months ago

seallard commented 8 months ago

Add an endpoint in trailblazer called /auth supporting POST with a body containing a single field called code (the authorization code).

It should do the following

It is also necessary to add this callback endpoint to the allowed redirects for the OAuth client in Google Cloud. Google says it is necessary to encrypt tokens that are stored server-side (source). I guess that makes sense in case of a data breach.

See this example implementation https://github.com/MomenSherif/react-oauth/issues/12#issuecomment-1131408898

seallard commented 8 months ago

I don't really see the point of encrypting the refresh tokens at rest since you still need the client secret to use it for anything. But I will do so anyway since it is a best practice outlined by Google here.

seallard commented 8 months ago

We need to use the id token instead of the access token. We just want a token representing the user's identity. There is no need for an access token. So /auth will return an id token instead.
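
The endpoint as this thread describes it (a POST body with the single field `code`, the refresh token encrypted before it is stored, only the ID token returned), shown as an added example that is not code from trailblazer or from the linked implementation. `handle_auth`, `RefreshTokenStore` and `exchange_code` are hypothetical names, Fernet from the third-party `cryptography` package is an assumed choice of cipher, and the exchange with Google is replaced by a constructed stub.

```python
import json
from cryptography.fernet import Fernet  # third-party 'cryptography' package (assumed)

class RefreshTokenStore:
    """Holds refresh tokens encrypted at rest; the key is kept outside the store."""
    def __init__(self, key):
        self.fernet = Fernet(key)
        self.rows = {}  # stand-in for a database table: user id -> ciphertext

    def save(self, user_id, refresh_token):
        self.rows[user_id] = self.fernet.encrypt(refresh_token.encode())

    def load(self, user_id):
        return self.fernet.decrypt(self.rows[user_id]).decode()

def handle_auth(body, exchange_code, store):
    """POST /auth: body is JSON with the single field 'code'. Returns (status, json)."""
    try:
        payload = json.loads(body)
    except ValueError:
        return 400, {"error": "body must be JSON"}
    if not isinstance(payload, dict) or set(payload) != {"code"}:
        return 400, {"error": "expected exactly one field: code"}
    code = payload["code"]
    if not isinstance(code, str) or not code:
        return 400, {"error": "code must be a non-empty string"}
    tokens = exchange_code(code)  # hypothetical: calls the provider, verifies the ID token
    if tokens is None:
        return 401, {"error": "authorization code rejected"}
    if tokens.get("refresh_token"):
        store.save(tokens["user_id"], tokens["refresh_token"])
    # Only the ID token leaves the server; access and refresh tokens do not.
    return 200, {"id_token": tokens["id_token"]}

def fake_exchange(code):
    """Constructed stand-in for the token exchange; all values are sample data."""
    if code != "sample-auth-code":
        return None
    return {"user_id": "user-1", "id_token": "sample.id.token",
            "access_token": "sample-access-token",
            "refresh_token": "sample-refresh-token"}

def demo():
    store = RefreshTokenStore(Fernet.generate_key())  # real key: from a secret manager
    status, response = handle_auth(b'{"code": "sample-auth-code"}', fake_exchange, store)
    return status, response, store

if __name__ == "__main__":
    print(demo()[:2])
```

The encryption key has to live somewhere other than the token table, otherwise a dump of the table still exposes the refresh tokens.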