Keycloak also allow to define user roles at realm level to define
permissions at a global level not tight to a client.
Include these extra roles in the user permissions set from the
decoded token content.
As a consequence, some parameters of the keycloak_oidc_factory
function got renamed, this will break swh-deposit and swh-web tests but
I will push diffs to fix that (D5579, D5580)
Related to T3213