heimdall
Add support for validation of Certificate-Bound Access Tokens according to RFC 8705
In principle this can already be achieved today by using the local authorizer: check for the presence of the cnf (confirmation) claim holding the required certificate hash and compare that value with the hash of the certificate used during the TLS handshake and forwarded to heimdall.
The idea is to update the jwt and oauth2_introspection authenticators to perform the required calculation by default whenever the cnf claim is present and contains the x5t#S256 member, without any custom code or configuration, and to respond to errors as required by RFC 8705. The latter is not possible with the method described above as long as #157 is not implemented.
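The check the two authenticators would have to perform, written out as an added example in Go (heimdall's own language). This is illustration code, not heimdall's authenticator code: `VerifyBinding` takes the already-decoded token claims (JWT payload or introspection response) as a map and the client certificate taken from the TLS handshake, computes the RFC 8705 x5t#S256 thumbprint (base64url without padding of SHA-256 over the DER certificate) and compares it to cnf.x5t#S256. The self-signed certificate helper only exists so the example runs offline and stands in for the certificate the TLS layer would forward; names such as `ErrMismatch` are assumptions of this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Error kinds the caller maps to a response. RFC 8705 requires a bound token
// whose certificate does not match to be rejected as invalid_token.
var (
	ErrNoClientCert = errors.New("invalid_token: token is certificate-bound but no client certificate was presented")
	ErrMismatch     = errors.New("invalid_token: client certificate does not match cnf.x5t#S256")
)

// CnfThumbprint computes the x5t#S256 value of RFC 8705: base64url encoding
// (no padding) of the SHA-256 hash over the DER-encoded certificate.
func CnfThumbprint(cert *x509.Certificate) string {
	sum := sha256.Sum256(cert.Raw)
	return base64.RawURLEncoding.EncodeToString(sum[:])
}

// VerifyBinding returns whether the token is certificate-bound and, if so,
// whether the presented client certificate satisfies the binding. An unbound
// token (no cnf.x5t#S256) yields (false, nil) and is left to the caller's policy.
func VerifyBinding(claims map[string]any, clientCert *x509.Certificate) (bool, error) {
	cnf, ok := claims["cnf"].(map[string]any)
	if !ok {
		return false, nil
	}
	expected, ok := cnf["x5t#S256"].(string)
	if !ok || expected == "" {
		return false, nil
	}
	if clientCert == nil {
		return true, ErrNoClientCert
	}
	actual := CnfThumbprint(clientCert)
	// Constant-time comparison; both values are fixed-length base64url strings.
	if subtle.ConstantTimeCompare([]byte(expected), []byte(actual)) != 1 {
		return true, ErrMismatch
	}
	return true, nil
}

// newSelfSignedCert creates a throwaway client certificate (constructed test
// data) standing in for the certificate seen during the TLS handshake.
func newSelfSignedCert(cn string) *x509.Certificate {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert
}

func main() {
	legit := newSelfSignedCert("client-a")
	other := newSelfSignedCert("client-b")

	// Constructed claims as an authorization server would issue them for client-a.
	claims := map[string]any{
		"sub": "client-a",
		"cnf": map[string]any{"x5t#S256": CnfThumbprint(legit)},
	}

	for name, cert := range map[string]*x509.Certificate{"legit": legit, "other": other, "none": nil} {
		bound, err := VerifyBinding(claims, cert)
		fmt.Printf("%-5s bound=%v err=%v\n", name, bound, err)
	}
}
```

The two interesting outcomes are the mismatch and the missing certificate: both are reported as invalid_token, which is what the RFC expects the protected resource to answer with, while a token without a cnf member is simply reported as unbound so the authenticator can apply its own policy for such tokens.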