OpenID Connect: Add support for signed JWT responses from the UserInfo endpoint

Proposal

Add support for signed JWT responses from the OpenID Connect UserInfo endpoint to properly handle identity providers that return claims in JWT format according to the OpenID Connect specification.

Currently, GitLab's OpenID Connect implementation expects the UserInfo endpoint to return claims in a JSON format. However, according to the OpenID Connect Core specification, when the UserInfo Response is signed and/or encrypted:

  • The claims MUST be returned in a JWT format
  • The content-type MUST be application/jwt

This causes compatibility issues with identity providers that implement signed responses according to the spec, since GitLab currently:

  1. Only processes the UserInfo response as JSON
  2. Does not handle the application/jwt content type

This enhancement would improve GitLab's OpenID Connect compatibility and security: signed UserInfo responses would be verified rather than rejected, so providers that follow the specification on this point could be supported.
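As an added illustration (not code from this issue or from GitLab's code base), the following Ruby sketch shows the Content-Type dispatch the proposal describes: a plain JSON body is parsed as today, while an `application/jwt` body is treated as a JWS whose signature is verified against the provider's key before any claim is trusted. The provider key, the `sign_userinfo` helper and the sample claims are constructed for the example; a real implementation would fetch the key from the provider's JWKS and take the allowed algorithm from the provider configuration.

```ruby
require 'openssl'
require 'json'
require 'base64'

# Added example (not GitLab's code): dispatch a UserInfo response on its
# Content-Type and verify signed (application/jwt) responses before trusting
# any claim. Only the algorithm agreed with the provider is accepted.
ALLOWED_ALGS = %w[RS256].freeze

def verify_userinfo_jws(token, public_key, expected_sub:)
  header_b64, payload_b64, sig_b64 = token.split('.', 3)
  raise 'malformed JWS' if sig_b64.nil? || sig_b64.empty?
  header = JSON.parse(Base64.urlsafe_decode64(header_b64))
  # Rejects "none" and any other algorithm outside the allow-list.
  raise "unexpected alg #{header['alg']}" unless ALLOWED_ALGS.include?(header['alg'])
  signature = Base64.urlsafe_decode64(sig_b64)
  raise 'bad signature' unless public_key.verify(OpenSSL::Digest::SHA256.new, signature, "#{header_b64}.#{payload_b64}")
  claims = JSON.parse(Base64.urlsafe_decode64(payload_b64))
  # OIDC Core 5.3.2: the sub claim MUST match the sub from the ID Token.
  raise 'sub mismatch' unless claims['sub'] == expected_sub
  claims
end

def parse_userinfo(content_type, body, public_key, expected_sub:)
  case content_type.to_s.split(';').first.strip.downcase
  when 'application/jwt'
    verify_userinfo_jws(body, public_key, expected_sub: expected_sub)
  when 'application/json'
    claims = JSON.parse(body)
    raise 'sub mismatch' unless claims['sub'] == expected_sub
    claims
  else
    raise "unsupported Content-Type #{content_type.inspect}"
  end
end

# Constructed sample: a throwaway provider key and a response it signed.
PROVIDER_KEY = OpenSSL::PKey::RSA.new(2048)

def sign_userinfo(claims, key, alg: 'RS256')
  enc = ->(s) { Base64.urlsafe_encode64(s, padding: false) }
  head = enc.call(JSON.generate({ alg: alg, typ: 'JWT' }))
  body = enc.call(JSON.generate(claims))
  "#{head}.#{body}.#{enc.call(key.sign(OpenSSL::Digest::SHA256.new, "#{head}.#{body}"))}"
end

SAMPLE_JWT = sign_userinfo({ sub: '24400320', email: 'jane@example.com' }, PROVIDER_KEY)
puts parse_userinfo('application/jwt', SAMPLE_JWT, PROVIDER_KEY.public_key, expected_sub: '24400320')
```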

Relevant discussion: #482438 (comment 2300197691)

Customer ticket [(internal)](https://gitlab.zendesk.com/agent/tickets/594575)