ROSA must support external OIDC token issuers

Outcome Overview

Customers desire

1. integration with 3rd party authentication providers that support machine to machine workflows (azure active directory resource owners, for instance)
2. migration from existing kubernetes authentication (external OIDC is present and multiple provider support is coming soon)
3. multi-cluster token issuer configuration (backstage and ACM)

This outcome is about achieving that.

Success Criteria

To be successful 

1. we must be able to configure external OIDC providers on all OCP form factors
2. we must be able to maintain those configurations over time, including efficient debugging and mutation as needs change
3. support multiple token providers per cluster to allow migration
4. allow cross-cloud OIDC configuration (cluster in aws, contacting azure)
5. have an easy to deploy reference architecture for an multi-cluster OIDC provider (probably keycloak)
6. have all RH provided token consumers interoperate with external OIDC providers.

Expected Results (what, how, when)

What incremental impact do you expect to create toward the company's Strategic Goals by delivering this outcome?  (possible examples:  unblocking sales, shifts in product metrics, etc. + provide links to metrics that will be used post-completion for review & pivot decisions). {}For each expected result, list what you will measure and when you will measure it (ex. provide links to existing information or metrics that will be used post-completion for review and specify when you will review the measurement such as 60 days after the work is complete)

TBD: David isn't sure if he can list measurement on the specifics of the item.

Post Completion Review – Actual Results

After completing the work (as determined by the "when" in Expected Results above), list the actual results observed / measured during Post Completion review(s).