goauthentik / terraform-provider-authentik

Manage https://goauthentik.io with terraform.
https://registry.terraform.io/providers/goauthentik/authentik/latest/docs
GNU General Public License v3.0

Document default `authentik_certificate_key_pair` relationship to `authentik_provider_oauth2`.`signing_key` #501

Open hh opened 2 months ago

hh commented 2 months ago

I was working with the authentik_provider_oauth2 resource, and left the signing_key blank.

When creating a provider via the web UI, the value for signing_key defaults to "authentik Self-signed Certificate".

If you fail to set signing_key and leave the default empty string, you will end up with a somewhat cryptic error about a malformed jwt and an unexpected signature algorithm:

```json
{
  "message": "Failed to verify OIDC token.",
  "detail": "oidc: malformed jwt: go-jose/go-jose: unexpected signature algorithm \"HS256\"; expected [\"RS256\"]"
}
```

It seems that authentik_provider_oauth2 would likely never work if signing_key is left to the default of an empty string.

I suggest making it required or at a minimum documenting its usage a bit further in these two locations:
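
A pre-apply check for the misconfiguration described in this issue, as an added example that is not part of the original issue or the provider's code: it scans Terraform's JSON plan (the output of `terraform show -json <planfile>`) for `authentik_provider_oauth2` resources whose `signing_key` is empty. The sample plan, the resource names in it and the function names are constructed for illustration.

```python
import json

RESOURCE_TYPE = "authentik_provider_oauth2"


def _change(name, after, after_unknown=None):
    """Build one constructed resource_changes entry for the sample plan."""
    return {"address": f"{RESOURCE_TYPE}.{name}", "type": RESOURCE_TYPE,
            "change": {"after": after, "after_unknown": after_unknown or {}}}


# Constructed sample shaped like `terraform show -json <planfile>`; not real output.
SAMPLE_PLAN = json.dumps({"resource_changes": [
    _change("unsigned", {"name": "app-a", "signing_key": ""}),
    _change("omitted", {"name": "app-b", "signing_key": None}),
    _change("computed", {"name": "app-c"}, {"signing_key": True}),
    _change("signed", {"name": "app-d", "signing_key": "constructed-keypair-id"}),
    _change("destroyed", None),
    {"address": "authentik_application.app", "type": "authentik_application",
     "change": {"after": {"name": "app-a"}, "after_unknown": {}}},
]})


def providers_without_signing_key(plan_json):
    """Return addresses of OAuth2 providers the plan would leave with no signing_key."""
    flagged = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        change = rc.get("change", {})
        after = change.get("after")
        if rc.get("type") != RESOURCE_TYPE or after is None:
            continue  # other resource types, or a resource being destroyed
        if (change.get("after_unknown") or {}).get("signing_key"):
            continue  # value is only known after apply, so a key is being assigned
        if not after.get("signing_key"):  # None and "" both mean no key selected
            flagged.append(rc["address"])
    return flagged


if __name__ == "__main__":
    for address in providers_without_signing_key(SAMPLE_PLAN):
        print(f"{address}: signing_key is empty")
```

Run in CI against the plan JSON, a non-empty result can fail the pipeline before the provider is created.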