@chris-okuda chris-okuda commented Jan 20, 2026

Scope of changes

Implement the basic OIDC UserInfo endpoint at v1/oidc/userinfo (POST and GET).

See: https://openid.net/specs/openid-connect-core-1_0.html#UserInfo

Fixes SC-36744

Type of change

  • new feature
  • bug fix
  • documentation
  • testing
  • technical debt
  • other (describe)

Acceptance criteria

See spec.

Definition of Done

  • I have manually tested the change running it locally (having rebuilt all containers) or via unit tests
  • I have added unit and/or integration tests that cover my changes
  • I have added new test fixtures as needed to support added tests
  • I have updated the dependencies list if necessary (including updating yarn.lock and/or go.sum)
  • Check this box if a reviewer can merge this pull request after approval (leave it unchecked if you want to do it yourself)
  • I have notified the reviewer via Shortcut or Slack that this is ready for review
  • Documented service configuration changes or created related devops stories

Reviewer(s) checklist

  • Any new user-facing content that has been added for this PR has been QA'ed to ensure correct grammar, spelling, and understandability.
  • Are there any TODOs in this PR that should be turned into stories?

@chris-okuda chris-okuda self-assigned this Jan 20, 2026

@chris-okuda chris-okuda left a comment

Comment on lines +7 to +12
type UserInfo struct {
Subject string `json:"sub,omitempty"`
Name string `json:"name,omitempty"`
Email string `json:"email,omitempty"`
EmailVerified bool `json:"email_verified,omitempty"`
}
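
Review bot: On `EmailVerified bool` the `omitempty` tag drops a `false` value from the JSON, so a relying party cannot tell "not verified" from "not reported"; consider `*bool` or removing `omitempty` on that field. `Subject` also carries `omitempty`, but OIDC Core requires `sub` in every UserInfo response, so drop the tag option there and have the handler reject claims with an empty subject rather than emit a response without it.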

We can include other fields, and also can include fields based on the request, but for this basic version I only included the basic fields that should be required for the Compass integration.
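
The comment above mentions including fields based on the request. As an added example (not part of this PR or the project's code), this is one way to select UserInfo claims by granted scope, following OIDC Core section 5.4 (`profile` covers `name`; `email` covers `email` and `email_verified`). The `Claims` and `ScopedUserInfo` types and `RenderUserInfo` are hypothetical names, and the granted scopes are assumed to be available as a space-delimited string.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Claims is a hypothetical stand-in for the validated access-token claims.
type Claims struct {
	Subject, Name, Email string
	EmailVerified        bool
	Scope                string // space-delimited granted scopes (assumption)
}

// ScopedUserInfo carries the same four claims as the PR's struct. sub is
// always emitted; email_verified is a pointer so an explicit false survives.
type ScopedUserInfo struct {
	Subject       string `json:"sub"`
	Name          string `json:"name,omitempty"`
	Email         string `json:"email,omitempty"`
	EmailVerified *bool  `json:"email_verified,omitempty"`
}

// RenderUserInfo returns the JSON body containing only the claims that the
// granted scopes cover, and refuses to answer when there is no subject.
func RenderUserInfo(c Claims) (string, error) {
	if c.Subject == "" {
		return "", fmt.Errorf("userinfo: claims have no subject")
	}
	info := ScopedUserInfo{Subject: c.Subject}
	for _, s := range strings.Fields(c.Scope) {
		switch s {
		case "profile":
			info.Name = c.Name
		case "email":
			verified := c.EmailVerified
			info.Email, info.EmailVerified = c.Email, &verified
		}
	}
	b, err := json.Marshal(info)
	return string(b), err
}

func main() {
	// Constructed sample claims, not taken from the project.
	out, err := RenderUserInfo(Claims{Subject: "u-123", Name: "Ada", Email: "a@example.com", Scope: "openid email"})
	fmt.Println(out, err)
}
```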

return
}

c.JSON(http.StatusOK, api.NewUserInfo(claims))

I chose not to return a signed/encrypted version of the claims as a JWT because it was more complex and was not required by the spec, unless the request specifically asks for the JWT claims, which is not the case for this integration since mozilla-django-oidc accepts JSON (see https://github.com/mozilla/mozilla-django-oidc/blob/86660c22c842d935551e3da7ab14709e53facd12/mozilla_django_oidc/auth.py#L275).

@chris-okuda chris-okuda marked this pull request as ready for review January 20, 2026 23:05

@daniellemaxwell daniellemaxwell left a comment

Looks good!

@daniellemaxwell daniellemaxwell merged commit 94b1fc4 into main Jan 21, 2026
8 checks passed
@daniellemaxwell daniellemaxwell deleted the chrisokuda/sc-36618/userinfo_ep branch January 21, 2026 14:23