Add support for Single LogOut (SLO) where supported

[yaronuliel]

Goals

1. Allow logging out from external Identity Provider when signOut is called (on supporting provider, such as oath, KeyCloak and every other oidc based providers), without manual work
2. Ensure that when signing out, user doesn't loop back as logged in user after being redirected to the SSO Login page while already connected to the IdP
3. Implement more functionality from the OpenId Connect specs (and optionally others, such as SAML2, etc...)

Non-Goals

No response

Background

• In OpenID Connect (oidc), in the .well-known/openid-configuration, the IdP may provide a end_session_endpoint (info) paramter, that should be used when logging user out of the application so the user will also be logged out from the Identity Provider.

Proposal

1. when reading openid configruation - the end_session_endpoint should also be read
2. either add a parameter to signOut (idp_logout or something like this), or add a new method (e.g. signOutPersistent)
3. when calling the new signOut - after the local signout, craft a url based on the end_session_endpoint value and redirect the user to it in order to complete Single Log Out