fix(op-app): at_hash does not match

[lucacavallaro]

List of changes

1. hash at_hash JWT payload value, using the same procedure as https://github.com/panva/node-oidc-provider

Motivation and context

When using the customKeyStore feature to sign ID tokens, the at_hash claim is not valid, causing problems during the JWT verification phase of the OIDC authentication flow.

at_hash, is described by OIDC spec as:

Access Token hash value. Its value is the base64url encoding of the left-most half of the hash of the octets of the ASCII representation of the access_token value, where the hash algorithm used is the hash algorithm used in the alg Header Parameter of the ID Token's JOSE Header. For instance, if the alg is RS256, hash the access_token value with SHA-256, then take the left-most 128 bits and base64url encode them. The at_hash value is a case sensitive string.

[codecov-commenter]

Codecov Report

Attention: Patch coverage is 0% with 15 lines in your changes missing coverage. Please review.

Project coverage is 46.27%. Comparing base (df7f7df) to head (2908242).
Report is 55 commits behind head on main.

Files with missing lines	Patch %	Lines
apps/op-app/src/adapters/keyvault/keystore.ts	0.00%	15 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main      #78      +/-   ##
==========================================
- Coverage   54.83%   46.27%   -8.56%     
==========================================
  Files         109      120      +11     
  Lines        6002     5158     -844     
  Branches      369      204     -165     
==========================================
- Hits         3291     2387     -904     
- Misses       2661     2709      +48     
- Partials       50       62      +12     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

---

🚨 Try these New Features:

• Flaky Tests Detection - Detect and resolve failed and flaky tests
• JS Bundle Analysis - Avoid shipping oversized bundles