Conversation

@BeryJu BeryJu commented Jun 25, 2022

This PR greatly simplifies the Forward auth setup for traefik and envoy. It'll remove the requirement for /outpost.goauthentik.io to be openly accessible, which makes setup easier and decreases attack surface.
For traefik/envoy it'll work like:

  • User sends initial request
  • Auth subrequest is sent
  • 302 is returned directly to core authentik OAuth login flow
  • User finishes flow, is redirected back with X-authentik-auth-callback query parameter set
  • Outpost recognises the parameter being passed forward to it and finishes the authentication flow
  • Outpost redirects to initial URL user opened

Sadly, nginx still doesn't support getting a 302 from an auth subrequest without writing the 302 redirect in the nginx config, so nginx will require /outpost.goauthentik.io/start to be publicly accessible (which is still a bit better).

Since this only lowers the requirements it shouldn't be a breaking change, but needs more testing with traefik and nginx
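The traefik/envoy flow the PR describes (auth subrequest, direct 302 to the login flow, return with the X-authentik-auth-callback query parameter, redirect to the original URL), written out as an added Go forward-auth handler. This is example code, not authentik's outpost implementation: the login URL, cookie name, the in-memory session store and the completeLogin stand-in for the code exchange are all assumptions, and the original URL is rebuilt only from the X-Forwarded-* headers the proxy sets.

```go
package main

import (
	"net/http"
	"net/url"
)

// Assumed placeholders, not authentik's own values: IdP login URL and cookie name.
const loginURL = "https://authentik.example/application/o/authorize/"
const callbackParam = "X-authentik-auth-callback"
const sessionCookie = "example_session"
var sessions = map[string]string{"sess-valid": "alice"} // constructed store: session id -> user
// completeLogin stands in for the outpost's code exchange; only the constructed code "ok" is valid.
func completeLogin(code string) (string, bool) {
	if code != "ok" {
		return "", false
	}
	sessions["sess-"+code] = "alice"
	return "sess-" + code, true
}
// ForwardAuth handles the proxy's auth subrequest; the original URL comes only from proxy-set headers.
func ForwardAuth(w http.ResponseWriter, r *http.Request) {
	fwd, _ := url.Parse(r.Header.Get("X-Forwarded-Uri"))
	original := url.URL{Scheme: r.Header.Get("X-Forwarded-Proto"), Host: r.Header.Get("X-Forwarded-Host"), Path: fwd.Path}
	q := fwd.Query()
	// 1. Valid session cookie: allow the request and pass the identity upstream.
	if c, err := r.Cookie(sessionCookie); err == nil && sessions[c.Value] != "" {
		w.Header().Set("X-authentik-username", sessions[c.Value])
		w.WriteHeader(http.StatusOK)
		return
	}
	// 2. Back from the login flow: finish it, set the cookie, redirect to the original URL minus the callback params.
	if q.Get(callbackParam) != "" {
		sid, ok := completeLogin(q.Get("code"))
		if !ok {
			http.Error(w, "login failed", http.StatusUnauthorized)
			return
		}
		http.SetCookie(w, &http.Cookie{Name: sessionCookie, Value: sid, Path: "/", HttpOnly: true, Secure: true})
		q.Del(callbackParam)
		q.Del("code")
		original.RawQuery = q.Encode()
		http.Redirect(w, r, original.String(), http.StatusFound)
		return
	}
	// 3. No session: 302 straight to the IdP with the original URL (plus callback marker) as the return target.
	q.Set(callbackParam, "true")
	original.RawQuery = q.Encode()
	http.Redirect(w, r, loginURL+"?redirect_uri="+url.QueryEscape(original.String()), http.StatusFound)
}
```

Because the callback marker travels in the original URL's query string, no outpost path has to be reachable from the outside; the proxy only needs to forward the subrequest to the handler.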

netlify bot commented Jun 25, 2022

Deploy Preview for authentik ready!

Name Link
🔨 Latest commit 3c66f80
🔍 Latest deploy log https://app.netlify.com/sites/authentik/deploys/62e4efb0eace7d0009b12668
😎 Deploy Preview https://deploy-preview-3151--authentik.netlify.app

codecov bot commented Jun 25, 2022

Codecov Report

Merging #3151 (d1c4818) into main (f373084) will decrease coverage by 39.64%.
The diff coverage is 30.19%.

❗ Current head d1c4818 differs from pull request most recent head d6b70f1. Consider uploading reports for the commit d6b70f1 to get more accurate results

@@             Coverage Diff             @@
##             main    #3151       +/-   ##
===========================================
- Coverage   92.03%   52.40%   -39.63%     
===========================================
  Files         466      466               
  Lines       21170    21212       +42     
===========================================
- Hits        19482    11114     -8368     
- Misses       1688    10098     +8410     
Impacted Files Coverage Δ
authentik/policies/api/policies.py 61.06% <0.00%> (-28.42%) ⬇️
authentik/policies/tests/test_policies_api.py 0.00% <0.00%> (-100.00%) ⬇️
authentik/stages/prompt/tests.py 0.00% <0.00%> (-100.00%) ⬇️
authentik/stages/prompt/models.py 50.75% <35.30%> (-49.25%) ⬇️
authentik/outposts/models.py 85.59% <100.00%> (-1.80%) ⬇️
authentik/tenants/api.py 86.54% <100.00%> (-9.53%) ⬇️
authentik/tenants/models.py 100.00% <100.00%> (ø)
tests/__init__.py 0.00% <0.00%> (-100.00%) ⬇️
authentik/api/schema.py 0.00% <0.00%> (-100.00%) ⬇️
authentik/root/tests.py 0.00% <0.00%> (-100.00%) ⬇️
... and 324 more

Continue to review full report at Codecov.

Legend
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Last update 24f95fd...d6b70f1.

@BeryJu BeryJu force-pushed the providers/proxy/no-exposed-urls branch 7 times, most recently from 711608b to d6b70f1 Compare July 5, 2022 21:48
BeryJu added 6 commits July 30, 2022 10:45
@BeryJu BeryJu force-pushed the providers/proxy/no-exposed-urls branch 2 times, most recently from 3c66f80 to 3a888d5 Compare July 30, 2022 08:54
@BeryJu BeryJu force-pushed the providers/proxy/no-exposed-urls branch from 3a888d5 to 376b597 Compare July 30, 2022 13:11
@BeryJu BeryJu merged commit 393d7ec into main Jul 30, 2022
@BeryJu BeryJu deleted the providers/proxy/no-exposed-urls branch July 30, 2022 15:51