hydra
Support `default_acr_values`
Preflight checklist
- [X] I could not find a solution in the existing issues, docs, nor discussions.
- [X] I agree to follow this project's Code of Conduct.
- [X] I have read and am following this repository's Contribution Guidelines.
- [ ] This issue affects my Ory Cloud project.
- [ ] I have joined the Ory Community Slack.
- [x] I am signed up to the Ory Security Patch Newsletter.
Describe your problem
One of the OIDC specification's client metadata values is `default_acr_values`. I'd like to use these to configure required ACR (e.g. is MFA required) at the client registration level, so we can avoid depending on hardcoded rules or client-supplied requests (which could be spoofed).
I'm currently able to register a client with `default_acr_values`, but do not have access to this value in the `client.OAuth2Client` type (and I haven't seen a way to access it anywhere else).
Describe your ideal solution
I'd like the `client.OAuth2Client` type to contain `default_acr_values` supplied in a client registration.
Workarounds or alternatives
I can not rely on the OIDC spec, and instead just hardcode this per client or use an alternate configuration mechanism.
Version
v1.11.8
Additional Context
I'm pretty sure implementation would involve adding the field to the OIDC client type and API client type, then plumbing the data to and from the DB layer.
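
An added example, not part of the issue and not Hydra code: one way a login handler could enforce a registration-level ACR requirement so that the client-supplied `acr_values` parameter can narrow it but never replace it. The `registeredClient` struct, the function names, the client ID and the `urn:example:*` ACR values are hypothetical, and the policy is deliberately stricter than plain OIDC, where request values override the registered defaults.

```go
package main

import (
	"encoding/json"
	"fmt"
	"slices"
	"strings"
)

// Constructed sample; registeredClient is hypothetical, not Hydra's type.
const sampleRegistration = `{"client_id":"example-client","default_acr_values":["urn:example:mfa"]}`
type registeredClient struct {
	ClientID         string   `json:"client_id"`
	DefaultACRValues []string `json:"default_acr_values"`
}

// RequiredACR: request acr_values (space-separated) may narrow the registered set, never replace it.
func RequiredACR(registration []byte, requestACR string) ([]string, error) {
	var c registeredClient
	if err := json.Unmarshal(registration, &c); err != nil {
		return nil, fmt.Errorf("parse registration: %w", err)
	}
	requested := strings.Fields(requestACR)
	if len(c.DefaultACRValues) == 0 {
		return requested, nil // nothing registered: request is only a preference
	}
	if len(requested) == 0 {
		return c.DefaultACRValues, nil
	}
	var out []string
	for _, r := range requested {
		if slices.Contains(c.DefaultACRValues, r) {
			out = append(out, r)
		}
	}
	if len(out) == 0 {
		return nil, fmt.Errorf("acr_values %q not allowed for %s", requestACR, c.ClientID)
	}
	return out, nil
}

// Satisfied reports whether the ACR achieved at login meets the requirement.
func Satisfied(required []string, achieved string) bool {
	return len(required) == 0 || slices.Contains(required, achieved)
}

func main() {
	fmt.Println(RequiredACR([]byte(sampleRegistration), "urn:example:password"))
}
```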