feat(oidc): implement device code flow with refresh tokens

[pree]

Implemented oidc using the device code flow and made it generic oidc, instead of Keycloak dependent.

Config changed a bit, but migration is in place and doesn't need user interaction:

{
    "username": "test",
    "timed_url": "https://timed.example.com",
    "sso_url": "https://sso.example.com",
    "sso_realm": "example",
    "sso_client_id": "timedctl",
}

to:

{
    "username": "test",
    "timed_url": "https://timed.example.com",
    "sso_discovery_url": "https://sso.example.com/realms/example",
    "sso_client_id": "timedctl",
}

[github-actions[bot]]

Alex Recommends Report

Alex recommends the following language changes, but Alex is a regular expression based algorithm, so take them with a grain of salt.

README.md

Level	Location	Word	Recommendation
:warning:	16:24	just	just may be insensitive, try not to use it

[Melkor333]

This PR fixes the invalid token issue for me as well. Thanks! 🥳 Would be nice if this could be merged. I hijacked it a bit and updated the nix flake in this branch as well 😇

[pree]

Thanks @Melkor333! Let's push to get this reviewed :)

[c0rydoras]

AFAICT we can now drop oidc.py from libtimed right?