Description
Is your feature request related to a problem? Please describe.
Thanks for the new OIDC integration!
But it currently lacks PKCE support.
My OIDC provider (kanidm) enforces PKCE by default, resulting in an error:
No PKCE code challenge was provided with client in enforced PKCE mode
Describe the solution you'd like
PKCE support added to the OIDC implementation.
Describe alternatives you've considered
Disable the PKCE requirement in OIDC server client configuration, which prevents the error.
Additional context
https://www.rfc-editor.org/rfc/rfc7636
OAuth 2.0 public clients utilizing the Authorization Code Grant are
susceptible to the authorization code interception attack. This
specification describes the attack as well as a technique to mitigate
against the threat through the use of Proof Key for Code Exchange
(PKCE, pronounced "pixy").
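The following is an added example, not code from this project or from kanidm, showing the two halves of the RFC 7636 flow the request above asks for: the client generates a code_verifier and sends its S256 code_challenge with the authorization request, then proves possession of the verifier at the token endpoint; the provider rejects an authorization request without a challenge when PKCE is enforced (the same condition behind the kanidm error quoted above) and recomputes the challenge during the code exchange. The client_id, redirect_uri, state and authorization code values are constructed placeholders, and the provider-side functions are a hypothetical simplification of what an enforcing provider does, not kanidm's implementation. The verifier/challenge pair used in the usage section is the test vector from RFC 7636 Appendix B.

```python
import base64
import hashlib
import hmac
import secrets

# RFC 7636 section 4.1: code_verifier is 43..128 characters of [A-Za-z0-9-._~].
# secrets.token_urlsafe(32) yields 43 URL-safe base64 characters without padding.
def make_code_verifier(nbytes: int = 32) -> str:
    verifier = secrets.token_urlsafe(nbytes)
    if not 43 <= len(verifier) <= 128:
        raise ValueError("code_verifier length out of RFC 7636 range")
    return verifier

def b64url_nopad(data: bytes) -> str:
    # BASE64URL encoding with trailing '=' padding removed, as RFC 7636 requires.
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def code_challenge_s256(verifier: str) -> str:
    # RFC 7636 section 4.2: code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))
    return b64url_nopad(hashlib.sha256(verifier.encode("ascii")).digest())

# --- client side -----------------------------------------------------------

def build_authorization_params(client_id, redirect_uri, state, verifier, scope="openid"):
    # Parameters the client appends to the provider's authorization endpoint URL.
    return {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope,
        "state": state,
        "code_challenge": code_challenge_s256(verifier),
        "code_challenge_method": "S256",
    }

def build_token_params(client_id, redirect_uri, code, verifier):
    # Parameters POSTed to the token endpoint; the verifier is revealed only here,
    # so an attacker who intercepted the code alone cannot redeem it.
    return {
        "grant_type": "authorization_code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "code": code,
        "code_verifier": verifier,
    }

# --- provider side (hypothetical simplified model, not kanidm's code) -------

def provider_check_authorization(params, enforce_pkce=True):
    # Returns an error string, or None when the request is acceptable.
    challenge = params.get("code_challenge")
    method = params.get("code_challenge_method", "plain")
    if challenge is None:
        if enforce_pkce:
            return "No PKCE code challenge was provided with client in enforced PKCE mode"
        return None
    if method != "S256":
        # RFC 7636 allows "plain" but a hardened provider should only accept S256.
        return "unsupported code_challenge_method"
    return None

def provider_verify_token_exchange(stored_challenge, stored_method, token_params):
    # Recompute the challenge from the presented verifier and compare in constant time.
    verifier = token_params.get("code_verifier")
    if verifier is None:
        return False
    expected = code_challenge_s256(verifier) if stored_method == "S256" else verifier
    return hmac.compare_digest(expected, stored_challenge)

if __name__ == "__main__":
    # Constructed placeholder values for a stand-alone run.
    verifier = make_code_verifier()
    auth = build_authorization_params("example-client", "https://app.example/cb",
                                      secrets.token_urlsafe(16), verifier)
    assert provider_check_authorization(auth) is None
    token = build_token_params("example-client", "https://app.example/cb",
                               "placeholder-auth-code", verifier)
    print("exchange accepted:",
          provider_verify_token_exchange(auth["code_challenge"], "S256", token))
    print("missing challenge:", provider_check_authorization({"response_type": "code"}))
```

Two points worth noting for whoever implements this in the integration: the verifier must be stored per login attempt (bound to the state value) and never logged, and only S256 should be advertised, since the "plain" method gives no protection against an attacker who can observe the authorization request.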