Feature request: use `openid_configuration_url` to guess OIDC endpoints and keys

Éloi Rivard eloi at yaal.coop
Fri Feb 4 14:34:04 UTC 2022


Since version 2.3.16 dovecot has an openid_configuration_url [1] configuration
parameter. Here is the documentation about this parameter:

> Support for RFC 7628 OpenID Discovery (OIDC) can be achieved with 
> openid_configuration_url setting. Setting this causes Dovecot to report OIDC
> configuration URL as openid-configuration element in error JSON.

After reading the RFC I understand this brings some context to the error
messages, but at first glance I would have expected more from this parameter.

- Dovecot could read the userinfo_endpoint option [2] in the OIDC discovery
endpoint to guess the IDP userinfo endpoint [3], and make the dovecot
introspection_url parameter optional.

- Dovecot could read the introspection_endpoint option [4] in the OIDC discovery
endpoint to guess the IDP introspection endpoint [5], and make the dovecot
tokeninfo_url parameter optional. RFC8414 is still a draft though, but there
seems to be a convention for this parameter being called either
token_introspection_endpoint or introspection_endpoint. Maybe both could be
checked?

- Dovecot could read the jwks_uri [4] option in the OIDC discovery endpoint to
guess the IDP public keys, and make the local_validation_key_dict dovecot
parameter optional.

I would suggest keeping the values in introspection_url, tokeninfo_url and
local_validation_key_dict if defined, but using the values found in the OIDC
discovery endpoint by default.

I think this would really help when using OAuth with dovecot.
What do you think?

[1] https://doc.dovecot.org/configuration_manual/authentication/oauth2/#openid-discovery
[2] https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata
[3] https://openid.net/specs/openid-connect-core-1_0.html#UserInfo
[4] https://datatracker.ietf.org/doc/html/rfc8414#section-2
[5] https://datatracker.ietf.org/doc/html/rfc7662
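The precedence rule proposed above (configured value wins, discovery value is the default, both introspection key names checked), written out as an added example that is not Dovecot code. It follows the post's mapping of discovery keys to settings; the sample discovery document, its issuer and the https/same-host check are assumptions made for the example.

```python
import json
from urllib.parse import urlparse

# Constructed sample OIDC discovery document for this example (not a real IdP).
SAMPLE_DISCOVERY = json.dumps({
    "issuer": "https://idp.example.test",
    "userinfo_endpoint": "https://idp.example.test/oauth/userinfo",
    "token_introspection_endpoint": "https://idp.example.test/oauth/introspect",
    "jwks_uri": "https://idp.example.test/oauth/jwks",
})

# Discovery keys that may supply each Dovecot setting, in order of preference,
# following the mapping proposed in the post. For local_validation_key_dict the
# resolved value is the jwks_uri the keys would be fetched from (a simplification).
DISCOVERY_KEYS = {
    "introspection_url": ("userinfo_endpoint",),
    "tokeninfo_url": ("introspection_endpoint", "token_introspection_endpoint"),
    "local_validation_key_dict": ("jwks_uri",),
}


def _trusted(url, issuer):
    """Accept only https URLs on the issuer's own host, so a tampered or
    misconfigured discovery document cannot point token validation elsewhere."""
    u, i = urlparse(url), urlparse(issuer)
    return u.scheme == "https" and u.netloc == i.netloc and bool(u.netloc)


def resolve_endpoints(configured, discovery_json):
    """Return the effective value for each setting.

    An explicitly configured value always wins. Otherwise the first discovery
    key that is present and passes _trusted() is used. Otherwise the result is
    None, meaning the administrator still has to set the parameter by hand.
    """
    doc = json.loads(discovery_json)
    issuer = doc.get("issuer", "")
    resolved = {}
    for setting, keys in DISCOVERY_KEYS.items():
        if configured.get(setting):
            resolved[setting] = configured[setting]
            continue
        resolved[setting] = next(
            (doc[k] for k in keys if k in doc and _trusted(doc[k], issuer)),
            None,
        )
    return resolved
```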