ajmyyra / ambassador-auth-oidc

OpenID Connect AuthService for Ambassador API Gateway
MIT License
88 stars 35 forks

support access control using additional claims in id_token #19

Open weinong opened 5 years ago

weinong commented 5 years ago

In some OIDC providers, such as Azure Active Directory, it's possible to configure the client application to emit a groups claim (or roles claim). For instance, this and that. With these claims, we can implement access control so that only those in the selected group can access the sensitive resources protected by Ambassador API gateway.

Since I have already implemented this feature in my fork, I'm happy to send a PR if you think it's useful.
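One way to implement the group-based check requested above, as an added example that is not code from the fork or from ambassador-auth-oidc. It assumes the id_token signature, issuer, audience and expiry were already verified; `AuthorizeByClaims`, the error names and the group name `ops-admins` are hypothetical, and the `_claim_names` branch covers the case where Azure AD replaces a long group list with a reference instead of including it in the token.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

var (
	ErrNoClaim   = errors.New("no groups or roles claim in id_token")
	ErrOverage   = errors.New("groups moved to _claim_names reference, not in token")
	ErrNotMember = errors.New("user is in none of the allowed groups")
)

// AuthorizeByClaims expects the JSON payload of an already verified id_token.
// It returns nil only if "groups" or "roles" holds an allowed value.
func AuthorizeByClaims(payload []byte, allowed map[string]bool) error {
	var claims map[string]json.RawMessage
	if err := json.Unmarshal(payload, &claims); err != nil {
		return fmt.Errorf("malformed claims: %w", err)
	}
	found := false
	for _, name := range []string{"groups", "roles"} {
		var values []string
		if raw, ok := claims[name]; !ok {
			continue
		} else if err := json.Unmarshal(raw, &values); err != nil {
			return fmt.Errorf("claim %q is not a list of strings: %w", name, err)
		}
		found = true
		for _, v := range values {
			if allowed[v] {
				return nil
			}
		}
	}
	switch _, overage := claims["_claim_names"]; {
	case found:
		return ErrNotMember
	case overage:
		return ErrOverage // the group list is not in the token; fail closed
	}
	return ErrNoClaim
}

func main() { // constructed sample payload and group name, not from the issue
	p := []byte(`{"sub":"alice","groups":["ops-admins"]}`)
	fmt.Println("decision:", AuthorizeByClaims(p, map[string]bool{"ops-admins": true}))
}
```

Every path other than an explicit match returns an error, so a missing, malformed or overflowed claim denies the request rather than letting it through.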

muscovitebob commented 4 years ago

Hello @weinong, would you be willing to share a URL to this fork?