feat: use OIDC avatars

[doenke]

What this PR does / why we need it:

This PR improves OIDC-based avatar handling so profile images are both sourced correctly and refreshed when the upstream identity provider updates them.

Changes made:

• mealie/core/security/providers/openid_provider.py
  • Added support for using the OIDC picture claim as the user avatar source.
  • Updated avatar update behavior to rotate the user cache key when avatar-related profile data changes.

Why:

• Some OIDC providers expose user profile images via the picture claim; this ensures Mealie can consume that standard claim directly.

Which issue(s) this PR fixes:

N/A

(If no issue exists, replace with: N/A)

Special notes for your reviewer:

• Review focus: openid_provider.py avatar update flow.
• The change is intentionally scoped to OIDC provider logic only.

Testing

• Verified OIDC login/sync path still succeeds with existing claims.
• Verified avatar is populated from picture claim when present.
• Verified avatar changes trigger cache-key rotation so updated images are served instead of stale cached content.

AI / LLM Assistance

This PR was developed with AI assistance for drafting and refining implementation details, commit/PR text, and validation steps.
All code changes and final behavior were reviewed and validated by the author.