UNCLASSIFIED - NO CUI

Feat authservice: Add Support for multiple OIDC issuers in RequestAuthentication and AuthorizationPolicy

Feature Request

Why

We need to allow users to authenticate via either Keycloak (existing SSO) or Okta (new SSO provider) to access the same protected services. Both identity providers should be valid JWT issuers.

Currently, the authservice chart supports only a single OIDC issuer, configured either via issuer_uri or by the default construction from global.oidc.host and the realm. The authn.yaml template generates a RequestAuthentication with a single jwtRule, and authz.yaml generates an AuthorizationPolicy with a single requestPrincipal source. This limits deployments that need to authenticate users from multiple identity providers simultaneously.

The current workaround is to apply post-render patches that override the generated resources.

Proposed Solution

Add values fields to support additional OIDC issuers that would be appended to:

  1. The jwtRules array in the RequestAuthentication (authn.yaml)
  2. The requestPrincipals sources in the AuthorizationPolicy (authz.yaml)

Example values:

additionalJwtRules:
  - issuer: https://example.okta.com
    jwksUri: https://example.okta.com/oauth2/v1/keys
    forwardOriginalToken: true

additionalRequestPrincipals:
  - https://example.okta.com/*
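The following is an added sketch of how the proposed values could be appended to the two rendered resources; it is not the chart's own authn.yaml or authz.yaml. The resource names, the selector label, the default Keycloak realm path and the global.oidc.realm key are assumptions made for the illustration.

```yaml
# Illustrative Helm template (assumed structure, not the chart's actual templates).
# Assumes: values issuer_uri, global.oidc.host, global.oidc.realm (the last is an
# assumed key name) plus the proposed additionalJwtRules / additionalRequestPrincipals.
{{- $issuer := .Values.issuer_uri | default (printf "https://%s/auth/realms/%s" .Values.global.oidc.host .Values.global.oidc.realm) }}
apiVersion: security.istio.io/v1
kind: RequestAuthentication
metadata:
  name: authservice-jwt          # assumed name
  namespace: istio-system
spec:
  selector:
    matchLabels:
      protect: keycloak          # assumed selector label
  jwtRules:
    # Existing single rule (Keycloak), unchanged.
    - issuer: {{ $issuer | quote }}
      forwardOriginalToken: true
    # Proposed: one extra jwtRule per additional issuer. Istio selects a rule by
    # exact match on the token's iss claim, so the issuer string must match exactly.
    {{- range .Values.additionalJwtRules }}
    - issuer: {{ .issuer | quote }}
      {{- with .jwksUri }}
      jwksUri: {{ . | quote }}
      {{- end }}
      forwardOriginalToken: {{ .forwardOriginalToken | default false }}
    {{- end }}
---
apiVersion: security.istio.io/v1
kind: AuthorizationPolicy
metadata:
  name: authservice-authz        # assumed name
  namespace: istio-system
spec:
  selector:
    matchLabels:
      protect: keycloak          # assumed selector label
  action: ALLOW
  rules:
    - from:
        - source:
            # Request principals have the form "<iss>/<sub>". A trailing "/*"
            # trusts every subject from that issuer, so each entry here widens
            # the set of accepted identities to a whole identity provider.
            requestPrincipals:
              - {{ printf "%s/*" $issuer | quote }}
              {{- range .Values.additionalRequestPrincipals }}
              - {{ . | quote }}
              {{- end }}
```

Because the ALLOW rule lists only request principals, a request with no valid token from any listed issuer is still rejected; the RequestAuthentication alone would let unauthenticated requests through.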