omniauth / omniauth_openid_connect


Support `response_type: ["code", "id_token"]` #139

Open seanpdoyle opened 1 year ago

seanpdoyle commented 1 year ago

Closes omniauth/omniauth_openid_connect#105. Similar to omniauth/omniauth_openid_connect#107.

Some OpenID-compatible IdPs support hybrid authorizations that accept a `response_type` with both `code` and `id_token`.

For example, Microsoft Azure B2C accepts them as a URL-encoded array:

> response_type: Must include an ID token for OpenID Connect. If your web application also needs tokens for calling a web API, you can use code+id_token.

This commit extends `OmniAuth::Strategies::OpenIDConnect` to encode the `response_type` into the query parameter as a space-delimited token list when provided as an array. Similarly, when checking for missing keys in the response, iterate over the values as if they're an array.

For the originally supported single-value case, the previous behavior is maintained.
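The behaviour described above, sketched as an added example that is not code from this pull request or from the gem: a configured `response_type` (single value or array) is normalized to tokens, sent as one space-delimited query value, and every token is required in the callback. The helper names `response_type_tokens`, `authorize_query` and `missing_response_keys`, and all sample values, are assumptions made for illustration.

```ruby
require "uri"

# Hypothetical helpers; names and signatures are assumptions, not the gem's API.

# Normalize a configured response_type (Symbol, String or Array) to a token list.
# A String that is already space-delimited ("code id_token") is split as well.
def response_type_tokens(response_type)
  Array(response_type).flat_map { |value| value.to_s.split(/\s+/) }
                      .reject(&:empty?)
                      .uniq
end

# Build the authorization request query. Multiple response types travel as a
# single space-delimited value, which form encoding renders as "code+id_token".
def authorize_query(response_type:, client_id:, redirect_uri:, state:, nonce:)
  URI.encode_www_form(
    response_type: response_type_tokens(response_type).join(" "),
    client_id: client_id,
    redirect_uri: redirect_uri,
    scope: "openid",
    state: state,
    nonce: nonce
  )
end

# Return the response_type tokens that are absent (or blank) in the callback
# parameters. A hybrid callback carrying only `code` must be rejected rather
# than treated as a plain code flow, so the caller fails when this is non-empty.
def missing_response_keys(response_type, params)
  response_type_tokens(response_type).select { |key| params[key].to_s.empty? }
end

# Constructed sample values, for illustration only.
query = authorize_query(
  response_type: %i[code id_token],
  client_id: "example-client",
  redirect_uri: "https://app.example/callback",
  state: "constructed-state",
  nonce: "constructed-nonce"
)
puts query
puts missing_response_keys(%i[code id_token], { "code" => "abc" }).inspect
```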

stanhu commented 1 year ago

It looks like there are some minor Rubocop failures here.

seanpdoyle commented 1 year ago

@stanhu I've pushed up changes to resolve the Rubocop violations.