Support OIDC discovery over the CS API

[pixlwave]

OIDC discovery through the .well-known is going to be replaced with a dedicated CS API to allow for OIDC authentication without requiring homeserver discovery to take place first. I would imagine this should be tackled in 3 parts (but I'm not 100% sure if this lines up with normal expectations:

• [ ] Adding /auth_issuer to Ruma and exposing the API from the SDK.
• [ ] Updating the authentication service to prefer this API over the old .well-known discovery mechanism.
• [ ] Once we're happy sufficient time has past for existing deployments to have updated, remove support for the old mechanism.