feat: Add JWT leeway setting to KeycloakOAuth2 backend

[mageo]

Fixes #1102 by adding support for a JWT_LEEWAY setting in the Keycloak backend.

[nijel]

I'd really prefer to have a generic solution here instead of ad-hoc solutions per backend. See also #1031

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 77.69%. Comparing base (326d4b3) to head (c7ba3ad).
Report is 193 commits behind head on master.

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #1103      +/-   ##
==========================================
- Coverage   77.88%   77.69%   -0.20%     
==========================================
  Files         347      348       +1     
  Lines       10669    10636      -33     
  Branches      504      461      -43     
==========================================
- Hits         8310     8264      -46     
- Misses       2200     2212      +12     
- Partials      159      160       +1     

Flag	Coverage Δ
unittests	77.69% <ø> (-0.20%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[nijel]

Let's merge this as it is as we are not using generic code path as in #1102.