Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>

* Fixed .CustomLogin </form> tag placement for login page

* Update changelog (gh-1317)

Keycloak oidc provider

* switched to github.com/golang-jwt/jwt and updated golang.org/x/crypto to include CVE fixes

* added #1276 to changelog

Co-authored-by: Joshua Vécsei <git@vecsei.me>

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>

Fix small typo

Remove finicky encryption test

AES-CFB is unauthenticated, in rare circumstances it won't error on
AES-GCM encrypted payloads

* Extend email-domain validation with sub-domain capability

* Adding the CHANGELOG entry

* Fixing lint erros

* Fixing lint erros

* Renamed the emailDomains to allowedDomains, plus tests

* Bringing together all basic test-cases

* Fixing unit tests

* Add unit tests to validate additional vulnerability concerns

Update README.md

Fixing typo.

Implement RewriteTarget to allow requests to be rewritten before proxying to upstream servers

Convert RefreshSessionIfNeeded into RefreshSession

They will only be used in tests, but it doesn't play
nice with copy operations many tests use. The linter was
not happy. While the global clock needs mutexes for parallelism,
local Clocks only used it for Set/Add and didn't even use the
mutex for actual time functions.

The reflect.DeepCopy doesn't play nice with the new Lock and Clock
fields in sessions. And it added unneeded session deserialization
logic to every request.

Simplify sha256sum checking example

The previous code didn't consider other languages and hid the output of failures. For example

```
$ LANG=es_ES.UTF-8 sha256sum -c sha256sum.txt
oauth2-proxy-v7.1.3.linux-amd64/oauth2-proxy: La suma coincide
```

Move app redirection logic to its own package

Use gorilla mux for OAuth Proxy routing

* Update Alpine image version to 3.14.

* Update changelog.