
Document AWS ALB OIDC integration

Open mooreds opened this issue 6 months ago • 1 comments

There are times when you want to have a webapp (or N webapps) behind an ALB. All access to these apps will be mediated through the ALB, but they will only be available to authenticated users.

FusionAuth can authenticate these users using the standard OIDC flows. (You want FusionAuth to stand outside the ALB.)

After FusionAuth authenticates the users, they will have a session cookie (managed by the ALB). See docs below.

This is different than the AWS API gateway documentation already written because that isn't using sessions; it expects a JWT for every request. In this case we have a session cookie managed by the ALB.

The task is to show how to configure an AWS ALB to work with FusionAuth.

Documentation: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/listener-authenticate-users.html#authentication-flow

mooreds, Feb 14 '24 21:02
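A sketch of the listener rule the issue asks to document, as an added example (not FusionAuth's or AWS's published configuration): the ALB runs the OIDC flow against FusionAuth's `/oauth2/authorize`, `/oauth2/token` and `/oauth2/userinfo` endpoints, then forwards to the app. The hostname `auth.example.com`, the resource names, the client ID and the secret reference are placeholders or assumptions; the FusionAuth application also needs `https://<alb-dns-name>/oauth2/idpresponse` registered as an authorized redirect URL.

```yaml
# Added example: CloudFormation fragment. Hostnames, logical IDs, client ID
# and the secret name are placeholders, not values from the issue.
Resources:
  AppAuthRule:
    Type: AWS::ElasticLoadBalancingV2::ListenerRule
    Properties:
      # Assumed: HttpsListener is an existing HTTPS listener on the ALB.
      # Authenticate actions are only supported on HTTPS listeners.
      ListenerArn: !Ref HttpsListener
      Priority: 10
      Conditions:
        - Field: path-pattern
          Values: ["/*"]          # protect every path served by this rule
      Actions:
        - Type: authenticate-oidc
          Order: 1
          AuthenticateOidcConfig:
            # Assumption: the FusionAuth tenant issuer is set to this full
            # HTTPS URL (the ALB requires a full URL here).
            Issuer: https://auth.example.com
            AuthorizationEndpoint: https://auth.example.com/oauth2/authorize
            TokenEndpoint: https://auth.example.com/oauth2/token
            UserInfoEndpoint: https://auth.example.com/oauth2/userinfo
            ClientId: "<fusionauth-application-client-id>"
            # Keep the client secret out of the template; placeholder reference.
            ClientSecret: "{{resolve:secretsmanager:<secret-name>:SecretString:client_secret}}"
            Scope: openid
            # Unauthenticated requests are redirected to FusionAuth to log in
            # instead of being passed through to the target group.
            OnUnauthenticatedRequest: authenticate
        - Type: forward
          Order: 2
          # Assumed: AppTargetGroup is the target group for the webapp.
          TargetGroupArn: !Ref AppTargetGroup
```

The ALB must be able to reach the token and userinfo endpoints over HTTPS, which is one reason FusionAuth sits outside the ALB rather than behind the rule it protects.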