Add client ID to OIDC error logs #7931

Open
3 tasks
muhlemmer opened this issue May 8, 2024 · 0 comments
Labels
auth enhancement New feature or request

Comments

@muhlemmer
Contributor

Currently when an auth request results in an error and the error is returned to the client or browser, log lines like the following are omitted:

time=2024-05-08T14:24:08.722Z level=WARN msg="request error" oidc_error.description="The requested redirect_uri is missing in the client configuration. If you have any questions, you may contact the administrator of the application." oidc_error.type=invalid_request oidc_error.redirect_disabled=true status_code=400

This misses context like the client ID, making errors harder to debug.

As an operator I would like to understand which OIDC client / application is creating Auth Request errors.

Acceptance criteria

  • Auth request error logs contain client ID
  • Auth request error logs contain instance ID and/or issuer domain
  • Do we need organization ID?

Additional info

op.AuthRequestError is the general function that writes an HTTP response to the browser (either as a printed message or a redirect to the client). That function also omits the error logs. The passed AuthRequest may implement the optional op.LogAuthRequest interface, which can return logging values. oidc.AuthRequest.LogValue() is an example of an implementation:

func (a *AuthRequest) LogValue() slog.Value {
	return slog.GroupValue(
		slog.Any("scopes", a.Scopes),
		slog.String("response_type", string(a.ResponseType)),
		slog.String("client_id", a.ClientID),
		slog.String("redirect_uri", a.RedirectURI),
	)
}

Note that zitadel uses its own implementations of AuthRequest which will need to receive this method.

@muhlemmer muhlemmer added auth enhancement New feature or request labels May 8, 2024
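
The following is an added example, not code from the issue or from zitadel: a sketch of how a custom auth request type could supply the context the acceptance criteria ask for, using only the standard library `log/slog`. The `authRequest` type, the `logRequestError` and `render` helpers, and all sample values are hypothetical; leaving `State` and `Nonce` out of `LogValue` is a choice made for this example.

```go
package main

import (
	"bytes"
	"errors"
	"log/slog"
	"os"
)

// authRequest is a hypothetical stand-in for an application's own auth request type.
type authRequest struct {
	ClientID, RedirectURI, InstanceID, Issuer string
	State, Nonce                              string // deliberately never logged
}

// LogValue implements slog.LogValuer with an explicit allow-list of fields.
func (a *authRequest) LogValue() slog.Value {
	return slog.GroupValue(
		slog.String("client_id", a.ClientID),
		slog.String("redirect_uri", a.RedirectURI),
		slog.String("instance_id", a.InstanceID),
		slog.String("issuer", a.Issuer),
	)
}

// logRequestError is a hypothetical helper: it attaches the request's log
// values only when the request type opted in by implementing slog.LogValuer.
func logRequestError(logger *slog.Logger, req any, err error) {
	if lv, ok := req.(slog.LogValuer); ok {
		logger = logger.With("auth_request", lv)
	}
	logger.Warn("request error", "oidc_error.description", err.Error(), "status_code", 400)
}

// render returns the text-handler output for one failed request (constructed data).
func render(req any) string {
	var buf bytes.Buffer
	logRequestError(slog.New(slog.NewTextHandler(&buf, nil)), req, errors.New("redirect_uri missing in client configuration"))
	return buf.String()
}

func main() {
	req := &authRequest{ClientID: "example-client", RedirectURI: "https://app.example.com/cb",
		InstanceID: "example-instance", Issuer: "https://issuer.example.com", State: "s3cr3t-state", Nonce: "n0nce"}
	os.Stdout.WriteString(render(req))        // line carries auth_request.client_id and friends
	os.Stdout.WriteString(render(struct{}{})) // type without LogValue: no request context
}
```
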
Projects
Status: 🔖 Ready