With OpenID flow, instead of using /userinfo endpoint, an ID token
issued by the authorisation server is used.

Information in this token ususally includes extra params and options,
not available in userinfo response.

makeRedirURL should work from a request, but it's not part of this PR

Key generation is slow(-ish) so usual sleeps of 50ms sometimes not
enough, that makes tests flaky.

Weirdly coveralls thinks this method is not covered, because it is
tested in another package. However there isn't much to test really, so
at best I can check jwks URL is correctly served.

Actual login flow is tested already, and these two new methods are
called in provider/openid_test.go. However the coverage tool is not
detecting these calls, and instead seems to be requiring the methods to
be called in the matching test file.

So this test is a weird artifact to make coverage tool happy.

golang-jwt library is trying to validate iat claim of the ID token and
due to not accounting for clock skew, validation pretty randomly fails.

There is an open issue golang-jwt/jwt#98 and
seems like that is fixed in v4. However it is still unclear why iat is
validation in the first place, that's not required by RFC and doesn't
seem like the right thing to do. Only nbf and exp claims should be used
for token lifetime validity check.

Also, update README to show how to configure OpenID providers.