Upgrade doorkeeper / doorkeeper-openid_connect to fix open redirect vulnerability

The gem doorkeeper-openid_connect has a (low-risk) open redirect vulnerability which was fixed in version 1.5.4, and was assigned CVE-2019-9837.

The upgrade also requires upgrading Doorkeeper to version 5.x, I saw there's an old MR upgrading to 4.4.3.

/cc gitlab-ce~2779335