feat: allow to disable claim mirroring

[dastein1]

This PR introduces another config option called oauth2:mirror_top_level_claims which may be used to disable the mirroring of custom claims into the ext claim of the jwt.
This new config option is an opt-in. If unused the behavior remains as-is to ensure backwards compatibility.

Example:

oauth2:
  allowed_top_level_claims:
    - test_claim
  mirror_top_level_claims: false # -> this will prevent test_claim to be mirrored within ext

Related issue(s)

#3348

Checklist

• I have read the contributing guidelines.
• I have referenced an issue containing the design document if my change
  introduces a new feature.
• I am following the
  contributing code guidelines.
• I have read the security policy.
• I confirm that this pull request does not address a security
  vulnerability. If this pull request addresses a security vulnerability, I
  confirm that I got the approval (please contact
  security@ory.sh) from the maintainers to push
  the changes.
• I have added tests that prove my fix is effective or that my feature
  works.
• I have added or changed the documentation.

[CLAassistant]

All committers have signed the CLA.

[codecov]

Codecov Report

Merging #3563 (135da47) into master (6741a49) will increase coverage by 0.10%.
Report is 1 commits behind head on master.
The diff coverage is 100.00%.

❗ Current head 135da47 differs from pull request most recent head e1fa88f. Consider uploading reports for the commit e1fa88f to get more accurate results

@@            Coverage Diff             @@
##           master    #3563      +/-   ##
==========================================
+ Coverage   76.24%   76.34%   +0.10%     
==========================================
  Files         132      132              
  Lines        9901     9888      -13     
==========================================
  Hits         7549     7549              
+ Misses       1837     1824      -13     
  Partials      515      515              

Files Changed	Coverage Δ
driver/config/provider.go	83.01% <100.00%> (+0.12%)	⬆️
oauth2/handler.go	67.62% <100.00%> (+0.06%)	⬆️
oauth2/session.go	82.08% <100.00%> (+1.76%)	⬆️
x/oauth2cors/cors.go	87.14% <100.00%> (ø)

... and 5 files with indirect coverage changes

[hperl]

This looks very good already, thanks for the contribution!

I had only one remark, please see below.

[hperl]

Instead of passing each config option, we could pass the configuration provider here and read out the config values in the function body.

[dastein1]

Thanks @hperl. The methods on the config provider require the context. So I've changed the signature to accept ctx first followed by the config provider.

[hperl]

LGTM, thank you for the contribution 🎉