Fix OAuth issuer discovery to comply with RFC 8414 and RFC 9728

[JAORMX]

• Add support for RFC 9728 Protected Resource Metadata discovery
• Fix issuer detection to properly handle cases where the metadata URL differs from the actual issuer (e.g., Stripe's case)
• Add resource_metadata parameter parsing from WWW-Authenticate header
• Implement FetchResourceMetadata to retrieve protected resource metadata
• Add ValidateAndDiscoverAuthServer to handle issuer validation and discovery
• Update OAuth flow to use pre-discovered endpoints when available
• Fix DeriveIssuerFromRealm to validate realm as a proper HTTPS URL
• Add DiscoverActualIssuer in OIDC package to handle issuer mismatch cases
• Add workaround for resource metadata that incorrectly lists authorization servers that don't match the actual issuer (validates each server and uses the discovered issuer)

This fixes the bug where issuer detection was incorrectly trying to derive
the issuer from the remote URL instead of using the realm parameter or
fetching resource metadata as specified in the RFCs.

The implementation now properly handles edge cases like Stripe's where the
resource metadata URL hosts the authorization server metadata but the actual
issuer identifier is different.

[codecov]

Codecov Report

❌ Patch coverage is 49.64286% with 141 lines in your changes missing coverage. Please review.
✅ Project coverage is 42.64%. Comparing base (0196b44) to head (21c3ae3).
⚠️ Report is 2 commits behind head on main.

Files with missing lines	Patch %	Lines
pkg/auth/discovery/discovery.go	66.50%	61 Missing and 7 partials ⚠️
pkg/runner/remote_auth.go	0.00%	67 Missing ⚠️
pkg/auth/oauth/oidc.go	40.00%	5 Missing and 1 partial ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1839      +/-   ##
==========================================
- Coverage   42.66%   42.64%   -0.02%     
==========================================
  Files         184      184              
  Lines       21853    22046     +193     
==========================================
+ Hits         9323     9402      +79     
- Misses      11809    11921     +112     
- Partials      721      723       +2     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[coveralls]

coverage: 40.02% (+0.01%) from 40.007%
when pulling 21c3ae3 on fix-oauth-issuer-discovery
into 0196b44 on main.