add configurable OAuth auth plugin support

Introduce a new rms.auth.oauth auth method plugin for OAuth/OIDC code flow with standard provider settings (authorize/token/userinfo URLs, client credentials, scope, redirect URI and extra params). Add server callback handling and OAuth challenge state tracking, UI redirect/error handling, and keep the plugin disabled by default via manifest defaultEnabled=false.

plugins/rms.auth.oauth/manifest.json

@@ -0,0 +1,32 @@
+{
+  "id": "rms.auth.oauth",
+  "name": "OAuth / OIDC Auth",
+  "version": "1.0.0",
+  "apiVersion": "1.0",
+  "defaultEnabled": false,
+  "capabilities": [],
+  "authMethod": {
+    "id": "oauth",
+    "type": "oauth",
+    "label": "OAuth"
+  },
+  "settingsSchema": {
+    "type": "object",
+    "properties": {
+      "authorizeUrl": { "type": "string" },
+      "tokenUrl": { "type": "string" },
+      "userInfoUrl": { "type": "string" },
+      "clientId": { "type": "string" },
+      "clientSecret": { "type": "string" },
+      "scope": { "type": "string" },
+      "redirectUri": { "type": "string" },
+      "emailField": { "type": "string" },
+      "authStyle": { "type": "string" },
+      "audience": { "type": "string" },
+      "extraAuthorizeParams": { "type": "string" },
+      "extraTokenParams": { "type": "string" }
+    },
+    "additionalProperties": false
+  },
+  "uiControls": []
+}