Support client certificate and advanced requests library options for backend OIDC communications

[devmonkey22]

Currently, OIDCAuthenticationBackend makes HTTP requests to the OIDC backend endpoints via global requests library methods, for example with retrieve_matching_jwk, get_token, etc methods. This makes it difficult (without monkey-patching) to provide the requests library additional options like an x509 client certificate (for mTLS), custom headers, cookie persistence, etc. I believe it also limits HTTP connection persistence, etc.

My recommendation would be to update to the following:

• Switch to use a requests.Session object.
• Create an OIDCAuthenticationBackend.get_requests_session method (or similar name) that returns the requests.Session object to use (and store into self). This will allow OIDCAuthenticationBackend subclasses to override and provide a customized Session, for example, to set Session.cert, etc.
• If desired, add a OIDC_CLIENT_CERT and OIDC_CLIENT_CERT_KEY setting that will set Session.cert to either the single file (or tuple to both cert and key). This would reduce the need to subclass the auth backend for client certificate needs specifically though.