OIDC: include `sid` claim
Summary
sid
may be required during Front Channel Logout flow and could help for Back Channel Logout (#1194 (closed)). Il also provides a link between OP's user session and RP's user session.
Design proposition
# OP side, pseudo code
push $metadata->{claim}, 'sid';
# Anyway add it even if not required (spec allows ignored fields in ID token)
$id_token->{sid} = encrypt("$session_id:$rp");