This pull request introduces support for OIDC (OpenID Connect) and SSO (Single Sign-On) integration via oauth2-proxy, including configuration examples, endpoints, and documentation. It adds new endpoints for OIDC discovery and JWKS, provides a complete Docker Compose example for securing apps with Atom as an SSO provider, and updates dependencies to support OIDC and SAML features.

OIDC & SSO Integration:

• Added OIDC Discovery (/.well-known/openid-configuration) and JWKS (/.well-known/jwks.json) endpoints at both root and API paths, allowing external oauth2-proxy and other OIDC clients to discover and verify Atom's authentication capabilities. [1] [2] [3] [4]
• Implemented dynamic base URL resolution in the OIDC discovery endpoint to support deployments behind proxies or with custom domains.

Deployment and Usage Documentation:

• Added docker-compose.proxy-example.yml with example configurations for protecting multiple applications (Grafana, Sonarr, Radarr) using oauth2-proxy as a sidecar, demonstrating best practices for SSO integration with Atom.
• Created a comprehensive quick setup guide (docs/QUICK_SETUP.md) covering prerequisites, OAuth client creation, environment variable usage, production tips, troubleshooting, and extending protection to additional apps.

Dependency Updates:

• Updated and added dependencies in package.json for OIDC and SAML support, including jsonwebtoken, node-jose, samlify, and xml-crypto. Also updated development dependencies for type support. [1] [2]

Database Migration Utility:

• Added a migration script (scripts/migrate_tags.js) to add a tags column to the users table, improving user metadata extensibility.