
OIDC UserInfo support #10417

Merged: 1 commit merged into quarkusio:master from the oidc_user_info branch on Jul 8, 2020

Conversation

sberyozkin
Member

Fixes #8719
Fixes #8396

This PR has taken me a long time to complete, here is what it does:

  • Small update to the opaque token processing (Vertx Auth checks scope from the introspection so it is checked in Quarkus too now)
  • UserInfo is retrieved and optionally injected if required, initial UserInfo representation built around JSONP is done
  • Access token retrieved as part of the code flow is now always verified by default. We support injecting it but we don't verify it, which is not entirely safe; the docs suggest that it can be disabled if the AT is only meant for the propagation.
  • For the code flow it is now possible to choose where the roles should be extracted from: id token (default) or AT (it appears that quite often the ID token will not have the roles but the AT will), and I do recall a user having to write a custom augmentor to get the roles from UserInfo.
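An added configuration example (not from the PR itself) showing how a Quarkus web-app tenant would exercise the three behaviours described above: choosing the roles source, requesting UserInfo, and keeping access-token verification on. The issuer URL, client id and secret are placeholders; the property names are assumed to match the Quarkus OIDC extension and should be checked against the reference guide for the version in use.

```properties
# Added example, not the PR's own code. Placeholder issuer/client values.
quarkus.oidc.auth-server-url=https://issuer.example.com/realms/demo
quarkus.oidc.client-id=demo-app
quarkus.oidc.credentials.secret=<client-secret-placeholder>
quarkus.oidc.application-type=web-app

# Where the code flow takes roles from: idtoken (default), accesstoken or userinfo.
# Use accesstoken when the IdP puts roles in the access token but not the ID token.
quarkus.oidc.roles.source=accesstoken

# Fetch UserInfo after the code exchange so it can be injected into the application
# (required when roles.source=userinfo). Property name assumed.
quarkus.oidc.authentication.user-info-required=true

# The access token obtained in the code flow is verified by default after this PR.
# Only disable verification when the token is purely propagated to another service
# that verifies it itself; an unverified injected token must not drive authorization.
# Property name assumed.
# quarkus.oidc.authentication.verify-access-token=false
```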

@sberyozkin sberyozkin added this to the 1.7.0 - master milestone Jul 1, 2020
@sberyozkin
Member Author

@pedroigor Hi Pedro, thanks, I've missed your approval :-). I'll merge once the build goes green again. We can tweak a few things going forward for sure. Cheers

@sberyozkin
Member Author

This is fine: the DevMojoIT.testResourcesFromClasspath:802 issue on Win/JDK11. Security tests are good. But I need to check one more thing.

@sberyozkin
Member Author

@pedroigor Hi Pedro, had to do a small tweak to get a better coverage of #8396 (there the ID token is returned with the opaque access token). roles.source=accesstoken is tested against the JWT access token; in the case of the opaque access token, Vertx OAuth2TokenImpl.principal() has to be used directly. Opaque access tokens are currently tested for the service applications, as it is possible to emulate them there. Once WireMock is supported well for testing OIDC we can do more tests easily.

@sberyozkin
Member Author

Again, it looks like the same Dev test is failing, but I'll update the docs about the roles while I'm on this PR.

@sberyozkin
Member Author

OK, I've opened #10587 and will start working on it tomorrow; merging this one now.

@sberyozkin sberyozkin merged commit 91b6981 into quarkusio:master Jul 8, 2020
@sberyozkin sberyozkin deleted the oidc_user_info branch September 16, 2020 10:06

Successfully merging this pull request may close these issues.

  • #8719: Cannot get roles with oidc on web application
  • #8396: OIDC code flow fails when Auth0 returns a binary access token
2 participants