feature: authorize plugin to work as forward_auth

[greenpau]

Currently, if you have a single OAuth identity provider in their config, you need to configure authentication portal and then redirect to the provider, e.g. /auth/oauth2/google/authorization-code-callback.

This feature would allow using authorize plugin without the provider.

{
	security {
		oauth identity provider linkedin {
			realm linkedin
			driver linkedin
			client_id {env.LINKEDIN_APP_CLIENT_ID}
			client_secret {env.LINKEDIN_APP_CLIENT_SECRET}
		}

		authorization policy linkedin_oauth_policy {
			use oauth identity provider linkedin
			allow roles authp/admin authp/user
		}
	}
}

{
	route {
		authorize with linkedin_oauth_policy
		reverse_proxy http://127.0.0.1:5001
	}
}

See also #375

[greenpau]

The greenpau/go-authcrunch@26f70a8 paves the way to proxy OAuth flow throw the gateway and to authentication portal. Currently, the gateway redirects user to the portal. In the future System API would allow proxying authentication through gateways in the similar way how it is done for Basic and API key authentication methods.