Allow for multiple OIDC providers

• This will require a new provider entity to which a user is linked via one or more (iss, sub) pairs.
• One provider must be set as the preferred one, either by the user or by the administrator, for the user's identity.
• Each OIDC provider is to be set up with a client ID (iss) and a client secret which will be used to verify the JWT.