We should provide a CLI tool allowing users to retrieve their OIDC access tokens easily. For instance:
$ swh authenticate -u <username> -p <password> <JSON dump of tokens>
This tool should only send requests to the Keycloak server as we do not want credentials to transit in any swh web applications.
When using OIDC PKCE authentication, this approach seems to work pretty great.