Allow to configure both OIDC ID and access token verification properties

[sberyozkin]

Description

After Quarkus OIDC verifies the primary token's signature (or its status via the remote introspection), it looks at the OIDC quarkus.oidc.token configuration group which allows to request additional verification checks, for example, enforce that this token contains a specific audience, etc. Typically, when it is only an ID token in the authorization code flow or the bearer access token, then all is good.

The problem is, during the authorization code flow, when both ID and access tokens must be verified, these 2 tokens may have different audience values, or only an ID token may have an audience value (and similarly for other extra property checks). This causes side-effects such as the one found at quarkiverse/quarkus-oidc-proxy#58. This requires some workarounds, including the ones where, for example, the audience is set to a wildcard, etc...

Implementation ideas

I hate to say it, giving the massive number of OIDC properties, but I can't think of anything else but introducing one more configuration mapping interface for supporting such cases, where authorization code flow users can cleanly state that expected ID token properties are these ones and the code flow access token properties - these ones

[quarkus-bot]

/cc @pedroigor (oidc), @radcortez (config)