Feat: Add /login/channels route and improve auth logic for frontend third-party login integration (#7521)

### What problem does this PR solve?

Add `/login/channels` route and improve auth logic to support frontend
integration with third-party login providers:

- Add `/login/channels` route to provide authentication channel list
with `display_name` and `icon`
- Optimize user info parsing logic by prioritizing `avatar_url` and
falling back to `picture`
- Simplify OIDC token validation by removing unnecessary `kid` checks
- Ensure `client_id` is safely cast to string during `audience`
validation
- Fix typo

---
- Related pull request: #7379 

### Type of change

- [x] New Feature (non-breaking change which adds functionality)
- [x] Documentation Update

api/apps/auth/README.md

@@ -20,7 +20,7 @@ oauth_config = {
     "authorization_url": "https://provider.com/oauth/authorize",
     "token_url": "https://provider.com/oauth/token",
     "userinfo_url": "https://provider.com/oauth/userinfo",
-    "redirect_uri": "https://your-app.com/oauth/callback/<channel>"
+    "redirect_uri": "https://your-app.com/v1/user/oauth/callback/<channel>"
 }
 
 # OIDC configuration
@@ -29,7 +29,7 @@ oidc_config = {
     "issuer": "https://provider.com/v1/oidc",
     "client_id": "your_client_id",
     "client_secret": "your_client_secret",
-    "redirect_uri": "https://your-app.com/oauth/callback/<channel>"
+    "redirect_uri": "https://your-app.com/v1/user/oauth/callback/<channel>"
 }
 
 # Get client instance