Implement DigiD Machtigen and eHerkenning bewindvoering with OIDC #1471

Closed
2 tasks done
SilviaAmAm opened this issue Mar 28, 2022 · 0 comments · Fixed by #1537
SilviaAmAm commented Mar 28, 2022

At the moment, when logging in with DigiD, the OIDCAuthenticationRequestView from the mozilla_django_oidc library redirects to the URL where the user needs to log in. Once they have logged in, they are redirected to OIDCAuthenticationCallbackView.
In mozilla_django_oidc, a new user would be created and logged in. We overwrite the backend https://github.com/open-formulieren/open-forms/blob/master/src/digid_eherkenning_oidc_generics/backends.py#L29 so that get_or_create_user always returns an AnonymousUser. Before the user is created, the claims are extracted from the response and put into the session (https://github.com/open-formulieren/open-forms/blob/master/src/digid_eherkenning_oidc_generics/backends.py#L26). Currently only the value of the identifier_claim_name attribute is added to the session (with key digid_oidc:bsn for DigiD, eherkenning_oidc:kvk for eHerkenning).

At the moment, the value of the identifier_claim_name is configured through the admin.

For DigiD machtigen, the backend needs to extract the following nested attributes:

  • aanvrager.bsn
  • gemachtigde.bsn

For eHerkenning:

  • aanvrager.kvk
  • gemachtigde.pseudoID
  • aanvrager.pseudoID ?

Edit:
Discussed this with Maarten. For now Keycloak only sends aanvrager.kvk and gemachtigde.bsn. PseudoIDs are not used yet and the aanvrager.bsn is not sent. PseudoIDs are apparently encrypted versions of the BSN sent by DigiD or eHerkenning.

These need to be put in the session so that the digid_eherkenning_oidc plugin can add them to the form_auth (https://github.com/open-formulieren/open-forms/blob/master/src/openforms/authentication/contrib/digid_eherkenning_oidc/plugin.py#L73).
The attribute/value will be filled with the aanvrager.bsn/kvk while the bsn/pseudoID of the gemachtigde will be in a separate key gemachtigde on the form_auth dict.

When a session is started, now there is a signal that fills the auth fields on the submission based on what is in the session.
https://github.com/open-formulieren/open-forms/blob/master/src/openforms/authentication/signals.py#L64

Prefills

The prefills should be able to fill the form with the data of both persons involved (vertegenwoordigde and gemachtigde).

@SilviaAmAm SilviaAmAm self-assigned this Mar 28, 2022
SilviaAmAm added a commit that referenced this issue Apr 13, 2022
SilviaAmAm added a commit that referenced this issue Apr 19, 2022
SilviaAmAm added a commit that referenced this issue Apr 26, 2022
SilviaAmAm added a commit that referenced this issue Apr 28, 2022
sergei-maertens added a commit that referenced this issue Apr 28, 2022
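
The nested-claim extraction described in the issue, as an added example that is not part of the original issue or the Open Forms code base: it resolves dotted claim paths such as aanvrager.kvk and gemachtigde.bsn, and refuses to build the form_auth dict when a claim is missing, mistyped or empty. The names MissingClaim, get_nested_claim and build_form_auth, the shape of the gemachtigde entry and the sample claims are assumptions.

```python
from collections.abc import Mapping
from typing import Any


class MissingClaim(Exception):
    """A required nested claim is absent, mistyped or empty."""


def get_nested_claim(claims: Mapping, path: str) -> str:
    """Resolve a dotted path such as 'gemachtigde.bsn' in the ID token claims."""
    node: Any = claims
    for part in path.split("."):
        # Every intermediate step must be an object that contains the next key.
        if not isinstance(node, Mapping) or part not in node:
            raise MissingClaim(path)
        node = node[part]
    # Identifiers are expected as non-empty strings; anything else fails closed.
    if not isinstance(node, str) or not node.strip():
        raise MissingClaim(path)
    return node


def build_form_auth(claims: Mapping, aanvrager_path: str, gemachtigde_path: str) -> dict:
    """Build the form_auth dict: aanvrager in attribute/value, gemachtigde apart.

    The shape of the 'gemachtigde' entry is an assumption for this example.
    """
    aanvrager_value = get_nested_claim(claims, aanvrager_path)
    gemachtigde_value = get_nested_claim(claims, gemachtigde_path)
    return {
        "attribute": aanvrager_path.rsplit(".", 1)[-1],
        "value": aanvrager_value,
        "gemachtigde": {gemachtigde_path.rsplit(".", 1)[-1]: gemachtigde_value},
    }


# Constructed sample claims (not real identifiers), as Keycloak might send them.
SAMPLE_CLAIMS = {
    "sub": "constructed-subject",
    "aanvrager": {"kvk": "12345678"},
    "gemachtigde": {"bsn": "111222333"},
}

if __name__ == "__main__":
    print(build_form_auth(SAMPLE_CLAIMS, "aanvrager.kvk", "gemachtigde.bsn"))
```

Raising instead of returning None keeps a token that lacks one of the two identities from producing a partially filled form_auth.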