Only log no cookie match if cookie domains specified

* dist.sh: remove go version from asset links

* update changelog

Create generic Authorization Header constructor

Ensure session times are not nil before printing them

Allow OIDC Bearer Tokens without emails

`findClaimsFromIDToken` would always have a `nil` access token and not be
able to hit the userinfo endpoint in Bearer case. If access token is nil,
default to legacy `session.Email = claim.Subject` that all JWT bearers used
to have, even if a valid profileURL is present.

This reverts to functionality before #499 where an OIDC
provider could be used with `--skip-jwt-bearer-tokens` and
tokens without an email or profileURL would still be valid.
This logic mirrors `middleware.createSessionStateFromBearerToken`
which used to be the universal logic before #499.

Support Password & SentinelPassword in Redis session store

Add `x-oauth-basic` nosec annotation & address gosec unhandled errors

* Add dedicated error logging writer

* Document new errors to stdout flag

* Update changelog

* Thread-safe the log buffer

* Address feedback

* Remove duplication by adding log level

* Clean up error formatting

* Apply suggestions from code review

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>

Address gosec findings

Any template errors instead of IO
errors are caught in validation.

Mostly handling unhandled errors appropriately.
If logging to STDERR fails, we panic. Added #nosec
comments to findings we are OK with.

Fix time issue causing finicky failures in logging tests

Fix typos and other minor edits

Add pull request events to CodeQL action

This will validate pull requests from forks to ensure that changes don't end up impacting you negatively.

Align persistence ginkgo tests to conventions

* Add test for GetRedirect to check query and fragments.

* Preserve query and fragment when building redirect.

* Add changelog entry for redirect fix

Move provider URLs to package level vars

* Centralize Ticket management of persistent stores

persistence package with Manager & Ticket will handle
all the details about keys, secrets, ticket into cookies,
etc. Persistent stores just need to pass Save, Load &
Clear function handles to the persistent manager now.

* Shift to persistence.Manager wrapping a persistence.Store

* Break up the Redis client builder logic

* Move error messages to Store from Manager

* Convert ticket to private for Manager use only

* Add persistence Manager & ticket tests

* Make a custom MockStore that handles time FastForwards

Refactor session loading to make use of middleware pattern

Integrate upstream package with OAuth2 Proxy