
microsoft: get rid of User.Read scope which leads to additional consents

Open xaurx opened this issue 2 years ago • 1 comment

Overview

The standard Microsoft dex connector forces Microsoft to ask the user for permissions. This can be avoided if the user is already logged in to Microsoft in this browser.

What this PR does / why we need it

Dex requires the User.Read scope, which forces Microsoft to show an additional screen from time to time even if the user is already logged in with Microsoft in this browser:

Permissions Requested
...
This app would like to:
Sign in and read user profile

If instead a more standard OIDC connector procedure is used with the openid, profile and email scopes, this doesn't happen and no Microsoft screens are shown.

This patch removes the need for the User.Read scope and follows a more standard OIDC connector procedure for Microsoft login. Note that Microsoft doesn't fully follow the spec, so the issuer field in the well-known configuration and in the token is verified manually.

Does this PR introduce a user-facing change?

Yes, the user sees fewer "Permissions Requested" screens.

xaurx avatar Apr 15 '23 00:04 xaurx
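As an added illustration of the manual issuer check the description mentions (example code written for this page, not the PR's or dex's own code), the function below compares the ID token's issuer with the discovery document's issuer and the configured tenant. It assumes the documented Microsoft behaviour that the multi-tenant discovery document carries a `{tenantid}` placeholder in its issuer; the GUIDs in the test are constructed.

```go
package main

import (
	"fmt"
	"strings"
)

// Assumption (documented Microsoft behaviour): on the multi-tenant "common" and
// "organizations" endpoints the discovery document's "issuer" holds the literal
// placeholder below, while the ID token's "iss" names the real tenant.
const (
	issuerPrefix      = "https://login.microsoftonline.com/"
	tenantPlaceholder = "{tenantid}"
)

// tenantFromIssuer returns <tenant> from https://login.microsoftonline.com/<tenant>/v2.0.
func tenantFromIssuer(issuer string) (string, error) {
	rest, okPrefix := strings.CutPrefix(issuer, issuerPrefix)
	tenant, okSuffix := strings.CutSuffix(rest, "/v2.0")
	if !okPrefix || !okSuffix || tenant == "" || strings.ContainsAny(tenant, "/?#") {
		return "", fmt.Errorf("unexpected Microsoft issuer %q", issuer)
	}
	return tenant, nil
}

// VerifyMicrosoftIssuer checks the ID token's "iss" claim against the discovery
// issuer and the configured tenant (a tenant ID, or common/organizations/consumers).
func VerifyMicrosoftIssuer(tokenIss, discoveryIss, configuredTenant string) error {
	discTenant, err := tenantFromIssuer(discoveryIss)
	if err != nil {
		return fmt.Errorf("discovery issuer: %w", err)
	}
	tokTenant, err := tenantFromIssuer(tokenIss)
	if err != nil {
		return fmt.Errorf("token issuer: %w", err)
	}
	// The token must name a concrete tenant, matching discovery unless discovery is the placeholder.
	if tokTenant == tenantPlaceholder || (discTenant != tenantPlaceholder && discTenant != tokTenant) {
		return fmt.Errorf("token issuer %q does not match discovery issuer %q", tokenIss, discoveryIss)
	}
	switch strings.ToLower(configuredTenant) {
	case "common", "organizations", "consumers":
		return nil // multi-tenant alias: any concrete tenant is acceptable
	}
	if !strings.EqualFold(configuredTenant, tokTenant) {
		return fmt.Errorf("token tenant %q does not match configured tenant %q", tokTenant, configuredTenant)
	}
	return nil
}
```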

I'd be a -1 on this, as the Microsoft connector is OAuth2 and not OIDC. It's designed to work with Microsoft's not-quite-standard v1 endpoints, while their v2 endpoints, which are OIDC standard, can be used via the regular oidc backend. Since this is meant for the non-standard v1, it's using the necessary scopes for that. What you're doing here is making the Microsoft connector behave like the oidc connector. So just use that connector.

cardoe avatar Dec 12 '25 18:12 cardoe