Improve provider name handling
The problem occurs when the provider name contains underscore characters `_`.
If the provider name is like `provider_prod` and the full `claims.User.ID` in the JWT token looks like `provider_prod_user1`,
then the `Authenticator.isProviderAllowed()` check fails and a provider with such a name cannot be used.
This was initially discovered in https://github.com/go-pkgz/auth/pull/201#discussion_r1624361335.
It might be better to add an explicit provider name into the JWT token claims, and avoid parsing an already serialized string back into tokens.
The provider name passed into `Service.AddProvider()` also becomes a part of the `https://host:port/auth/provider_prod/login` URL, and therefore it requires special handling.
One solution is to URL-encode it, but then it will still be possible to use names containing spaces or special characters (by accident or on purpose).
Another solution is to forbid all provider names which require URL-encoding.
It might be better to forbid empty names as well.
The `_` underscore has been mentioned in the README examples for some time now, I am not sure about it.
But those names may be even more strict and contain only ASCII alphanumeric symbols.
What do you think?
It is not possible to return errors from `Service.AddProvider()`, therefore invalid providers are just ignored and an ERROR level message is logged.
golangci-lint fixes are in https://github.com/go-pkgz/auth/pull/214
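
An added illustration of the problem and the naming options discussed above (not code from go-pkgz/auth or from this pull request). It assumes the failing check takes the provider from the user ID up to the first underscore; all function names, the separate provider value and the sample IDs are hypothetical.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// isAllowedByPrefix is a hypothetical stand-in for the failing check: it
// assumes the provider is whatever precedes the first "_" in the user ID.
func isAllowedByPrefix(userID string, registered map[string]bool) bool {
	return registered[strings.SplitN(userID, "_", 2)[0]]
}

// isAllowedByClaim uses a separate provider value, so the user ID is never parsed.
func isAllowedByClaim(provider string, registered map[string]bool) bool {
	return registered[provider]
}

// validateProviderName rejects empty names and names that change under URL
// path escaping; strict additionally allows only ASCII letters and digits.
func validateProviderName(name string, strict bool) error {
	if name == "" {
		return errors.New("provider name is empty")
	}
	if url.PathEscape(name) != name {
		return fmt.Errorf("provider name %q requires URL-encoding", name)
	}
	for _, r := range name {
		isAlnum := r >= 'a' && r <= 'z' || r >= 'A' && r <= 'Z' || r >= '0' && r <= '9'
		if strict && !isAlnum {
			return fmt.Errorf("provider name %q contains %q", name, r)
		}
	}
	return nil
}

func main() {
	reg := map[string]bool{"provider_prod": true} // constructed sample
	fmt.Println(isAllowedByPrefix("provider_prod_user1", reg)) // prefix parsing sees "provider"
	fmt.Println(isAllowedByClaim("provider_prod", reg))        // explicit value matches
	fmt.Println(validateProviderName("provider prod", false))  // needs URL-encoding
	fmt.Println(validateProviderName("provider_prod", true))   // "_" fails the strict rule
}
```

Note that `url.PathEscape` leaves some reserved characters such as `:` and `@` unescaped, so only the strict mode gives a fully predictable URL segment.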
Pull Request Test Coverage Report for Build 14035262176
Details
- 64 of 64 (100.0%) changed or added relevant lines in 8 files are covered.
- No unchanged relevant lines lost coverage.
- Overall coverage increased (+0.2%) to 83.582%
| Totals | |
|---|---|
| Change from base Build 14023741507: | 0.2% |
| Covered Lines: | 2688 |
| Relevant Lines: | 3216 |
💛 - Coveralls
Rebased on top of master, without altering anything. @umputun could you please take a look?