[Feat]: Allow specifying user and group scopes with OIDC authentication

[AndersBennedsgaard]

Is your feature request related to a problem? Please describe.

It should be possible to specify which claim to use for the user ID. Some users might want to use email, others might want to use sub.
Additionally, it should be possible to select a claim which is used for groups. This is already possible with LDAP:

zot/pkg/api/config/config.go

Line 165 in 002ff05

UserGroupAttribute string

Describe the solution you'd like

Add userclaim and groupsclaim to OIDC provider config

Describe alternatives you've considered

No response

Additional context

No response

[rchincha]

@AndersBennedsgaard thanks for doing a thorough evaluation and identifying improvements for zot.
We would also respectfully urge you to consider posting PRs.

[AndersBennedsgaard]

I have opened PRs in OSS projects before which have been closed with a "we do not agree with this" explanation. So I don't create PRs before I get an approval from the developers that it is something they want. If you do think it's a good improvement, and wouldn't mind contributions for it, you can say that you agree and add the good first issue Good for newcomers label