Add app authenticator

[melegiul]

• Adds Authenticator implementation for device key validation
• Adds Credential Provider implementation for storing device data
• Adds Required Action implementation for app authenticator setup

[NikoHadouken]

Open Issues

• Replace HTTP Signatures with verification of client-side generated JWT
• Verify code challenge on Action-Token-endpoint (authenticate) from the code_verifier query parameter

Todo

• [x] Delete login attempt/challenge after Action-Token-endpoint (for authenticate) was succesful called
• [x] Implement auto refresh of the Setup/Authenticate Keycloak page via Server Sent Events
• [x] Response payload of Get-Challenges-endpoint returns a list of challenges instead of a single one
• [x] Update Error Responses
• [x] Get Challenges and Reply Challenge Endpoint need to return the 409 error also when there is no login attempt. Otherweise the client does'nt know if the authenticator needs to get removed.
• [x] Remove OpenAPI spec
• [x] Rework documentation (readme)
• [x] Return clientName and clientUrl in payload of Get-Challenges-endpoint
• [ ] Consistency check on setup
• [x] Reduce expiration for the app-auth-action-token to 60 seconds
• [x] Make expiration for app-auth-action-token configurable Admin UI
• [x] Rename attribute secret in Challenge DTO to codeChallenge
• [x] Remove device_id query parameter on Get-Challenges-endpoint retrieve it from the signature