auth/backends: Simplify and improve OIDC authentication
No need to query the userinfo endpoint of the OIDC server when authenticating
as those information can also be found in the decoded access token.
Use more reliable access token expiration date.
Check groups claim is provided in decoded token before trying to read it.