feat: oidc background token refresh

[devopsjedi]

Closes #12189
Adds support for background OIDC token refresh

• Adds refreshTokenThreshold field to oidc.config spec. When authentication middleware verifies the current token, the remaining lifetime of the token is compared to the refresh token threshold. The token is refreshed by the server when the lifetime is lower than the threshold and a new token is returned to the client.
  - Adds OpenTelemetry tracing for authentication flow

Tested against keycloak.

Checklist:

• Either (a) I've created an enhancement proposal and discussed it with the community, (b) this is a bug fix, or (c) this does not need to be in the release notes.
• The title of the PR states what changed and the related issues number (used for the release note).
• The title of the PR conforms to the Toolchain Guide
• I've included "Closes [ISSUE #]" or "Fixes [ISSUE #]" in the description to automatically close the associated issue.
• I've updated both the CLI and UI to expose my feature, or I plan to submit a second PR with them.
• Does this PR require documentation updates?
• I've updated documentation as required by this PR.
• I have signed off all my commits as required by DCO
• I have written unit and/or e2e tests for my change. PRs without these are unlikely to be merged.
• My build is green (troubleshooting builds).
• My new feature complies with the feature status guidelines.
• I have added a brief description of why this PR is necessary and/or what this PR solves.
• Optional. My organization is added to USERS.md.
• Optional. For bug fixes, I've indicated what older releases this fix should be cherry-picked into (this may or may not happen depending on risk/complexity).

[bunnyshell]

❌ Preview Environment deleted from Bunnyshell

Available commands (reply to this comment):

• 🚀 /bns:deploy to deploy the environment

[codecov]

Codecov Report

❌ Patch coverage is 73.59307% with 61 lines in your changes missing coverage. Please review.
✅ Project coverage is 60.91%. Comparing base (05ccc01) to head (45bcb96).

Files with missing lines	Patch %	Lines
util/oidc/oidc.go	73.09%	32 Missing and 14 partials ⚠️
server/server.go	56.25%	5 Missing and 2 partials ⚠️
util/http/http.go	83.33%	2 Missing and 1 partial ⚠️
util/settings/settings.go	76.92%	2 Missing and 1 partial ⚠️
server/application/websocket.go	0.00%	1 Missing ⚠️
util/oidc/provider.go	80.00%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##           master   #23727      +/-   ##
==========================================
+ Coverage   60.89%   60.91%   +0.02%     
==========================================
  Files         351      351              
  Lines       60489    60625     +136     
==========================================
+ Hits        36832    36931      +99     
- Misses      20736    20766      +30     
- Partials     2921     2928       +7     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[todaywasawesome]

@agaudreault The PR has been updated to remove the OTEL feature for now and is ready for review.

[agaudreault]

@devopsjedi can you resolve conflicts and ping me on here/slack when it is done. 🙇

[devopsjedi]

@devopsjedi can you resolve conflicts and ping me on here/slack when it is done. 🙇

Rebased and resolved 🫡 @agaudreault

[agaudreault]

Overall LGTM. Few nitpicks and maybe a refactor on how the cache is managed would help clarify the ccode. Please don't force push follow up commit.

[devopsjedi]

Overall LGTM. Few nitpicks and maybe a refactor on how the cache is managed would help clarify the ccode. Please don't force push follow up commit.

Thanks- updated based on feedback

[sidewinder12s]

Might want to update the PR description that OTEL was pulled out. Thanks for working through this though!

[johnpekcan]

Yes! thank you so much for chasing this down! We are very appreciative 👏

[devopsjedi]

@agaudreault Updated based on your latest feedback