chore(oidc): graduate webkey to stable (#10122)

# Which Problems Are Solved

Stabilize the usage of webkeys.

# How the Problems Are Solved

- Remove all legacy signing key code from the OIDC API
- Remove the webkey feature flag from proto
- Remove the webkey feature flag from console
- Cleanup documentation

# Additional Changes

- Resolved some canonical header linter errors in OIDC
- Use the constant for `projections.lock` in the saml package.

# Additional Context

- Closes #10029
- After #10105
- After #10061

internal/api/oidc/integration_test/userinfo_test.go

@@ -35,21 +35,14 @@ func TestServer_UserInfo(t *testing.T) {
 	tests := []struct {
 		name    string
 		trigger bool
-		webKey  bool
 	}{
 		{
 			name:    "trigger enabled",
 			trigger: true,
 		},
-
-		// This is the only functional test we need to cover web keys.
-		// - By creating tokens the signer is tested
-		// - When obtaining the tokens, the RP verifies the ID Token using the key set from the jwks endpoint.
-		// - By calling userinfo with the access token as JWT, the Token Verifier with the public key cache is tested.
 		{
-			name:    "web keys",
+			name:    "trigger disabled",
 			trigger: false,
-			webKey:  true,
 		},
 	}
 
@@ -57,7 +50,6 @@ func TestServer_UserInfo(t *testing.T) {
 		t.Run(tt.name, func(t *testing.T) {
 			_, err := Instance.Client.FeatureV2.SetInstanceFeatures(iamOwnerCTX, &feature.SetInstanceFeaturesRequest{
 				OidcTriggerIntrospectionProjections: &tt.trigger,
-				WebKey:                              &tt.webKey,
 			})
 			require.NoError(t, err)
 			testServer_UserInfo(t)