Use Authorization Code flow with PKCE in Keycloak OIDC federation

Created by: reqa

As a user of SCS, I want Keystone OIDC federation to use "Authorization Code flow with PKCE" instead of "Implicit Grant" so that I follow security best practice for OpenID Connect.

Definition of Ready:

  • User Story is small enough to be finished within one sprint
  • User Story is clear and understood by the whole team
  • Acceptance criteria are defined
  • Acceptance criteria are clear and understood by the whole team

Definition of Done:

  • Put OIDCPKCEMethod plain into the wsgi-keystone.conf. Maybe there are also even better settings
  • We should also disable the Implicit Flow in the keystone client config in Keycloak
  • All acceptance criteria are met
  • Changes have been reviewed
  • CI tests have run successfully
  • Documentation has been updated
  • Release Notes have been updated
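
An added example (not part of the original issue and not SCS project code): a small acceptance check for the two configuration items in the Definition of Done, run against the Apache config text and a Keycloak client export. The function names and sample inputs are constructed for illustration; the JSON fields `implicitFlowEnabled`, `standardFlowEnabled` and the attribute `pkce.code.challenge.method` are assumed to appear as in Keycloak's client representation.

```python
import json
import re

# Constructed samples: a vhost fragment and a Keycloak client export, not real configs.
SAMPLE_CONF = '''
<VirtualHost *:5000>
    OIDCResponseType "id_token"
    # OIDCPKCEMethod S256
    OIDCPKCEMethod plain
</VirtualHost>
'''
SAMPLE_CLIENT = json.dumps({
    "clientId": "keystone", "standardFlowEnabled": True,
    "implicitFlowEnabled": True,
    "attributes": {"pkce.code.challenge.method": "S256"},
})

def directives(conf_text):
    """Map each uncommented OIDC* directive to its value (last occurrence wins)."""
    found = {}
    for line in conf_text.splitlines():
        m = re.match(r"\s*(OIDC\w+)\s+(.*\S)", line)
        if m:
            found[m.group(1)] = m.group(2).strip("\"'")
    return found

def audit(conf_text, client_json):
    """Return FAIL/NOTE strings for the two configuration items in the story."""
    out = []
    d = directives(conf_text)
    client = json.loads(client_json)
    # mod_auth_openidc uses response type "code" when the directive is absent.
    if d.get("OIDCResponseType", "code").split() != ["code"]:
        out.append("FAIL apache: OIDCResponseType is not 'code'")
    pkce = d.get("OIDCPKCEMethod")
    if pkce not in ("plain", "S256"):
        out.append("FAIL apache: OIDCPKCEMethod not set to plain or S256")
    elif pkce == "plain":
        out.append("NOTE apache: plain sends the verifier itself; S256 sends its hash")
    if client.get("implicitFlowEnabled"):
        out.append("FAIL keycloak: implicitFlowEnabled is true")
    if not client.get("standardFlowEnabled"):
        out.append("FAIL keycloak: standardFlowEnabled is false, code flow unavailable")
    required = client.get("attributes", {}).get("pkce.code.challenge.method")
    if required and pkce and required != pkce:
        out.append(f"FAIL mismatch: Keycloak requires {required}, Apache sends {pkce}")
    return out

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONF, SAMPLE_CLIENT)))
```

The mismatch check covers the case where the Keycloak client enforces a PKCE method that differs from the one Apache sends, which makes the token request fail even though both sides have PKCE switched on.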