apisonator

Tracking issue for clearing up what to do about OIDC apps' client_secrets being stored as app_keys by Porta

Open unleashed opened this issue 4 years ago • 0 comments

We learnt in #280 that Porta is storing OIDC apps' client_secrets as app_keys, and that has caused confusion as to how to deal with OIDC in the 3scale Istio Adapter, as specifying the client_secret as an app_key while using the auth*.xml endpoints ends up successfully authorizing requests.

This issue should be resolved when we know why this is being done and whether we should remove/not allow these keys to be stored for such apps, and consequently, whether a request for an OIDC service specifying an app_key parameter should be checked against the registered app_keys that we have in our data store.

/cc @davidor

unleashed, Jun 10 '21 17:06