Add Apple as oauth provider

Open nduitz opened this issue 1 year ago • 0 comments

Hey, tried adding this Apple adapter.

The apple flow is a bit different compared to other implementations:

  • Apple expects a nonce that can later be verified
  • The secret is not a predefined key but a JWT token containing the team_id, issuer, package_name, private_key_id and issue/expiry timestamps. The JWT has to be signed by a private key provided by Apple.
  • Apple has no 'user_info' callback. Instead they include a JWT token in the response containing the user info defined via scope. The JWT can be verified by querying /auth/keys to find the current keys used for signing (the JWT header contains the kid which is used to identify the correct key). This is optional by configuring verify_payload: true.

Would appreciate some feedback :)

nduitz, Apr 20 '23 11:04
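
An added example, not part of the issue or of sorcery's code: one way to do the optional payload verification the post describes, picking the signing key from the keys document by the header's kid, checking the signature, and then comparing the nonce. RS256 with RSA keys, the iss/aud/exp checks, and every name here (`verify_id_token`, `demo_jwks`, `demo_token`, the issuer and audience strings) are assumptions; the key and tokens are constructed for the demo.

```ruby
require "openssl"
require "json"
require "base64"

class TokenError < StandardError; end

def b64d(seg)
  Base64.urlsafe_decode64(seg) # accepts unpadded base64url, as used in JWTs
end

# jwks: parsed JSON from the provider's keys endpoint; nonce: the value this client sent.
def verify_id_token(token, jwks:, issuer:, audience:, nonce:, now: Time.now.to_i)
  parts = token.to_s.split(".", -1)
  raise TokenError, "malformed token" unless parts.size == 3
  header = JSON.parse(b64d(parts[0]))
  # Pin the algorithm (assumed RS256); never let the token header choose it.
  raise TokenError, "unexpected alg" unless header.is_a?(Hash) && header["alg"] == "RS256"
  jwk = jwks["keys"].find { |k| k["kid"] == header["kid"] && k["kty"] == "RSA" }
  raise TokenError, "unknown kid" unless jwk
  # Rebuild the RSA public key from the JWK's base64url modulus and exponent.
  n, e = %w[n e].map { |f| OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(b64d(jwk[f]), 2)) }
  key = OpenSSL::PKey::RSA.new(OpenSSL::ASN1::Sequence([n, e]).to_der)
  digest = OpenSSL::Digest.new("SHA256")
  unless key.verify(digest, b64d(parts[2]), parts[0..1].join("."))
    raise TokenError, "bad signature"
  end
  claims = JSON.parse(b64d(parts[1])) # only trusted after the signature check
  raise TokenError, "wrong issuer" unless claims["iss"] == issuer
  raise TokenError, "wrong audience" unless Array(claims["aud"]).include?(audience)
  raise TokenError, "expired" unless claims["exp"].is_a?(Numeric) && claims["exp"] > now
  raise TokenError, "nonce mismatch" unless nonce && claims["nonce"] == nonce
  claims
rescue ArgumentError, TypeError, JSON::ParserError, OpenSSL::OpenSSLError => e
  raise TokenError, "malformed token (#{e.class})"
end

# Constructed sample data: a throwaway RSA key stands in for the provider's signing key.
DEMO_KEY = OpenSSL::PKey::RSA.new(2048)
B64U = ->(bin) { Base64.urlsafe_encode64(bin, padding: false) }

def demo_jwks
  { "keys" => [{ "kty" => "RSA", "kid" => "demo-kid",
                 "n" => B64U.(DEMO_KEY.n.to_s(2)), "e" => B64U.(DEMO_KEY.e.to_s(2)) }] }
end

def demo_token(claims, kid: "demo-kid")
  input = [{ "alg" => "RS256", "kid" => kid }, claims].map { |h| B64U.(h.to_json) }.join(".")
  "#{input}.#{B64U.(DEMO_KEY.sign(OpenSSL::Digest.new("SHA256"), input))}"
end
```

The claims are parsed only after the signature check passes, and a token whose kid is not in the keys document is rejected rather than retried against other keys.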