Auth for epicsweb.jlab.org should use Keycloak

[slominskir]

This applies to all apps on epicsweb, but creating issue in wave just to put issue somewhere.

Ideally the httpd forms and sessions modules are abandoned in favor of Keycloak auth at ace.jlab.org/auth

Switch httpd mod_auth_forms to mod_auth_oidc and connect to Keycloak notes:

• https://github.com/OpenIDC/mod_auth_openidc
• https://wjw465150.gitbooks.io/keycloak-documentation/content/securing_apps/topics/oidc/mod-auth-openidc.html

[slominskir]

Note: It's also worth considering if instead of mod_auth_openidc we allow Tomcat (or otherwise app code) to handle OIDC. This is what we do on ace.jlab.org with Wildfly. App specific requires a good adapter/library though, which can be tricky to sort through:

See:

• https://www.keycloak.org/docs/latest/securing_apps/#_tomcat_adapter
• https://github.com/keycloak/keycloak/discussions/11790