linkding
Feature request: Better SSO/OpenID integration
- Support disabling the password change dialog and hiding the link to it in the Settings page (e.g. `LD_ALLOW_PASSWORD_CHANGE`, default `true`). This will not just benefit OpenID support but also proxy header-based authentication.
- Support OpenID Connect Discovery 1.0 (e.g. `OIDC_OP_DISCOVERY_BASE_URL`, which accepts the base URL of the OpenID provider such as `https://auth.example.com` to retrieve `https://auth.example.com/.well-known/openid-configuration`). This is an alternative to `OIDC_OP_AUTHORIZATION_ENDPOINT`, `OIDC_OP_TOKEN_ENDPOINT`, `OIDC_OP_USER_ENDPOINT` and `OIDC_OP_JWKS_ENDPOINT`.
- Support disabling local login, so that when an unauthenticated user visits Linkding, Linkding immediately attempts OIDC authentication instead of the user seeing a login form and needing to press a button (e.g. `OIDC_LOGIN_AUTO`). Alternatively, just make this the default (similar to when `LD_ENABLE_AUTH_PROXY=true`).
- Support redirect after logout for when OpenID is configured (e.g. `OIDC_LOGOUT_URL`). This is similar to `LD_AUTH_PROXY_LOGOUT_URL`. Alternatively, just support `LD_LOGOUT_URL` for all forms of authentication.
It would also be nice if staff and superuser could be set via claims and not only manually in the admin interface. The library used would support it, but I can't find an option to change the login flow to integrate that.
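
One way the proposed discovery option could resolve into the four existing endpoint settings, as an added example that is not linkding's code or part of the original request. `OIDC_OP_DISCOVERY_BASE_URL` is the name proposed above; the function names and the sample document are constructed for illustration, and the fetch itself is left out so the check on the returned metadata can be shown offline.

```python
import json
from urllib.parse import urlsplit

# Discovery metadata field -> endpoint setting named in the request above.
FIELD_TO_SETTING = {
    "authorization_endpoint": "OIDC_OP_AUTHORIZATION_ENDPOINT",
    "token_endpoint": "OIDC_OP_TOKEN_ENDPOINT",
    "userinfo_endpoint": "OIDC_OP_USER_ENDPOINT",
    "jwks_uri": "OIDC_OP_JWKS_ENDPOINT",
}

def discovery_url(base_url):
    """Build the well-known URL from the proposed OIDC_OP_DISCOVERY_BASE_URL."""
    if urlsplit(base_url).scheme != "https":
        raise ValueError("discovery base URL must use https")
    return base_url.rstrip("/") + "/.well-known/openid-configuration"

def settings_from_discovery(base_url, document):
    """Validate a fetched discovery document and return the endpoint settings."""
    meta = json.loads(document)
    # Discovery 1.0 requires the issuer to match the URL the document was
    # retrieved from; a mismatch means the metadata describes another provider.
    # Assumption: a trailing slash on either side is tolerated.
    if meta.get("issuer", "").rstrip("/") != base_url.rstrip("/"):
        raise ValueError("issuer does not match discovery base URL")
    settings = {}
    for field, setting in FIELD_TO_SETTING.items():
        url = meta.get(field)
        # Reject missing or plaintext endpoints instead of sending codes,
        # tokens or key lookups over http.
        if not isinstance(url, str) or urlsplit(url).scheme != "https":
            raise ValueError(f"missing or non-https {field}")
        settings[setting] = url
    return settings

# Constructed sample document for the example provider named in the request.
SAMPLE_DOCUMENT = json.dumps({
    "issuer": "https://auth.example.com",
    "authorization_endpoint": "https://auth.example.com/authorize",
    "token_endpoint": "https://auth.example.com/token",
    "userinfo_endpoint": "https://auth.example.com/userinfo",
    "jwks_uri": "https://auth.example.com/jwks.json",
})

if __name__ == "__main__":
    print(discovery_url("https://auth.example.com"))
    for name, value in settings_from_discovery(
            "https://auth.example.com", SAMPLE_DOCUMENT).items():
        print(f"{name}={value}")
```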