
[ENH] Support authentication only via OIDC

Open ThoreKr opened this issue 3 years ago • 0 comments

Motivation

Services which do not make use of extended agent features, such as the requirements bazaar, currently employ the anti-pattern of shared, reused passwords which are known to any service which got an access token from the same identity provider.

Furthermore, sending the access token in a separate header could become another threat to the users' privacy, as HTTP agent mechanisms to strip the authorization header when following redirects are ineffective.

Ideally, to decrease integration efforts and to encourage the use of standard libraries, authentication should be possible through a regular OIDC flow, without the need for additional tweaks and headers.

ThoreKr, May 26 '21 21:05
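The redirect concern raised in the issue, as an added example that is not part of the issue or of las2peer's code: it models the policy that clients such as curl and Python's requests apply, dropping `Authorization` when a redirect changes origin, and shows that a token carried in a custom header still reaches the redirect target. The header name `X-Example-Access-Token`, the hosts and the token value are hypothetical, and the redirect map is constructed data standing in for real 3xx responses.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}
# Headers the modelled client drops when a redirect leaves the origin.
STRIPPED_ON_CROSS_ORIGIN = {"authorization"}


def origin(url):
    """(scheme, host, port) with the scheme's default port filled in."""
    p = urlsplit(url)
    return (p.scheme, p.hostname, p.port or DEFAULT_PORTS.get(p.scheme))


def follow(url, headers, redirects, max_hops=5):
    """Return [(url, headers_sent)] for every hop of a redirect chain.

    `redirects` maps a URL to its Location target (constructed data),
    so the model runs offline.
    """
    hops = []
    for _ in range(max_hops + 1):
        hops.append((url, dict(headers)))
        target = redirects.get(url)
        if target is None:
            break
        if origin(target) != origin(url):
            headers = {k: v for k, v in headers.items()
                       if k.lower() not in STRIPPED_ON_CROSS_ORIGIN}
        url = target
    return hops


def hosts_seeing(hops, header):
    """Hostnames that received `header` on any hop."""
    return [urlsplit(u).hostname for u, sent in hops
            if header.lower() in (k.lower() for k in sent)]


# Constructed scenario: the service answers with a redirect to another host.
REDIRECTS = {"https://service.example/api": "https://cdn.other.example/file"}
TOKEN = "constructed-token-value"

standard = follow("https://service.example/api",
                  {"Authorization": "Bearer " + TOKEN}, REDIRECTS)
custom = follow("https://service.example/api",
                {"X-Example-Access-Token": TOKEN}, REDIRECTS)

if __name__ == "__main__":
    print("Authorization seen by:", hosts_seeing(standard, "Authorization"))
    print("custom header seen by:", hosts_seeing(custom, "X-Example-Access-Token"))
```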