Feat: Add /login/channels route and improve auth logic for frontend third-party login integration (#7521)

### What problem does this PR solve?

Add `/login/channels` route and improve auth logic to support frontend
integration with third-party login providers:

- Add `/login/channels` route to provide authentication channel list
with `display_name` and `icon`
- Optimize user info parsing logic by prioritizing `avatar_url` and
falling back to `picture`
- Simplify OIDC token validation by removing unnecessary `kid` checks
- Ensure `client_id` is safely cast to string during `audience`
validation
- Fix typo

---
- Related pull request: #7379 

### Type of change

- [x] New Feature (non-breaking change which adds functionality)
- [x] Documentation Update

conf/service_conf.yaml

@@ -75,11 +75,13 @@ redis:
 #     grant_type: 'authorization_code'
 #   custom_channel:
 #     type: oidc
+#     icon: sso
+#     display_name: "Custom Channel"
 #     issuer: https://provider.com/v1/oidc
 #     client_id: xxxxxxxxxxxxxxxxxxxxxxxxx
 #     client_secret: xxxxxxxxxxxxxxxxxxxxxxxx
 #     scope: "openid email profile"
-#     redirect_uri: https://your-app.com/oauth/callback/custom_channel
+#     redirect_uri: https://your-app.com/v1/user/oauth/callback/custom_channel
 # authentication:
 #   client:
 #     switch: false