POC: experimental OAuth support #4140

Draft: timbl-ont wants to merge 5 commits into openwallet-foundation:main from timbl-ont:POC-oauth-support

Conversation

@timbl-ont

Description

This is a POC to demonstrate adding OAuth support to ACA-Py. The code was developed via AI and is not expected to be merged as is without appropriate developer input and testing. Contributed here as per discussions at the ACA-Py OWF project meeting today.

The code does the following:

  • Adds an OAuth validator - JWT (JWKS) and introspection
  • Updates the auth decorators, admin_authentication and tenant_authentication, to support basic scopes that provide similar functionality to x-api-key and tenant JWT.
  • Adds a decorator, require_scope, which can be added to any route to enable granular permissions. Example provided for wallet_create_did
  • Demo created with Keycloak under ./demo/demo-authserver. Run docker compose up
  • Various test scripts in ./demo/demo-authserver/scripts
  • Documentation in ./docs/features/OAuthResourceServer.md

One area of exploration may be to add an orthogonal set of scopes that represent granular roles with ACA-Py.

Type of Change

  • Bug fix
  • [X] New feature (demo)
  • Documentation update
  • Chore / maintenance

Checklist

  • I have read the Contributing Guide
  • My changes follow the existing code style
  • I have added/updated tests where applicable
  • I have updated documentation if needed

timbl-ont and others added 5 commits May 26, 2026 13:58
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Signed-off-by: Tim Bloomfield <tim.bloomfield@ontario.ca>
Signed-off-by: timbl-ont <tim.bloomfield@ontario.ca>
Signed-off-by: timbl-ont <tim.bloomfield@ontario.ca>
Signed-off-by: timbl-ont <tim.bloomfield@ontario.ca>
Signed-off-by: Tim Bloomfield <tim.bloomfield@ontario.ca>
@timbl-ont timbl-ont marked this pull request as draft May 26, 2026 23:18
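
A sketch of how a route-level scope check such as the require_scope decorator described in the PR could behave, added here as an example and not taken from the PR's code. The scope name `wallet:did:create`, the `oauth_claims` request key, the dict-shaped request and the exception classes are assumptions made for illustration.

```python
import asyncio
import functools

class Unauthorized(Exception):
    """No validated access token on the request (maps to HTTP 401)."""

class Forbidden(Exception):
    """Token is valid but lacks a required scope (maps to HTTP 403)."""

def granted_scopes(claims):
    """Scopes from validated claims: space-delimited string (RFC 6749) or a list."""
    raw = claims.get("scope", "")
    if isinstance(raw, str):
        return set(raw.split())
    if isinstance(raw, (list, tuple)):
        return {s for s in raw if isinstance(s, str)}
    return set()  # unexpected type: grant nothing

def require_scope(*required):
    """Hypothetical decorator: run the handler only if every scope was granted."""
    def decorator(handler):
        @functools.wraps(handler)
        async def wrapper(request, *args, **kwargs):
            # Assumption: the JWT/introspection validator stored the claims here.
            claims = request.get("oauth_claims")
            if claims is None:
                raise Unauthorized("no validated access token")
            # Whole-token set comparison, never substring matching.
            missing = set(required) - granted_scopes(claims)
            if missing:
                raise Forbidden("missing scope: " + " ".join(sorted(missing)))
            return await handler(request, *args, **kwargs)
        return wrapper
    return decorator

@require_scope("wallet:did:create")  # constructed scope name
async def wallet_create_did(request):
    return {"result": "did created"}

def status_for(request):
    """Run the protected handler and map the outcome to an HTTP status code."""
    try:
        asyncio.run(wallet_create_did(request))
        return 200
    except Unauthorized:
        return 401
    except Forbidden:
        return 403
```
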