It turns out, we do NOT want to keep one single, global OIDC client data
structure. There are two major problems with this:
1. If the OIDC IdP happens to be unavailable when the process starts,
Rocket will fail to ignite and the process will exit. This is
unnecessary, since the only functionality that will be unavailable
without the IdP is new logins; existing sessions/tokens will still be
valid.
2. Identity providers can change keys, URLs, etc. at any time. If we
cache everything and never look it up again, all future login
attempts will fail until the server is restarted.
The official recommendation for caching OIDC IdP configuration and keys
is to use native HTTP cache control. Unfortunately, most IdPs
explicitly disable caching of their HTTP responses.
We'll use a JWT in the `Authorization` request header to identify the
user saving a page. The token will need to be set in the _authorization
token_ field in the SingleFile configuration so it will be included when
uploading.
