chore(oidc): graduate webkey to stable (#10122)

# Which Problems Are Solved

Stabilize the usage of webkeys.

# How the Problems Are Solved

- Remove all legacy signing key code from the OIDC API
- Remove the webkey feature flag from proto
- Remove the webkey feature flag from console
- Cleanup documentation

# Additional Changes

- Resolved some canonical header linter errors in OIDC
- Use the constant for `projections.lock` in the saml package.

# Additional Context

- Closes #10029
- After #10105
- After #10061

proto/zitadel/feature/v2/instance.proto

@@ -11,8 +11,8 @@ import "zitadel/feature/v2/feature.proto";
 option go_package = "github.com/zitadel/zitadel/pkg/grpc/feature/v2;feature";
 
 message SetInstanceFeaturesRequest{
-  reserved 3, 6;
-  reserved "oidc_legacy_introspection", "actions";
+  reserved 3, 6, 8;
+  reserved "oidc_legacy_introspection", "actions", "web_key";
   optional bool login_default_org = 1 [
     (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
       example: "true";
@@ -49,13 +49,6 @@ message SetInstanceFeaturesRequest{
     }
   ];
 
-  optional bool web_key = 8 [
-    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
-      example: "true";
-      description: "Enable the webkey/v3alpha API. The first time this feature is enabled, web keys are generated and activated.";
-    }
-  ];
-
   optional bool debug_oidc_parent_error = 9 [
     (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
       example: "true";
@@ -125,8 +118,8 @@ message GetInstanceFeaturesRequest {
 }
 
 message GetInstanceFeaturesResponse {
-  reserved 4, 7;
-  reserved "oidc_legacy_introspection", "actions";
+  reserved 4, 7, 9;
+  reserved "oidc_legacy_introspection", "actions", "web_key";
   zitadel.object.v2.Details details = 1;
   FeatureFlag login_default_org = 2 [
     (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
@@ -163,13 +156,6 @@ message GetInstanceFeaturesResponse {
     }
   ];
 
-  FeatureFlag web_key = 9 [
-    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
-      example: "true";
-      description: "Enable the webkey/v3alpha API. The first time this feature is enabled, web keys are generated and activated.";
-    }
-  ];
-
   FeatureFlag debug_oidc_parent_error = 10 [
     (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
       example: "true";

proto/zitadel/feature/v2beta/instance.proto

@@ -11,8 +11,8 @@ import "zitadel/feature/v2beta/feature.proto";
 option go_package = "github.com/zitadel/zitadel/pkg/grpc/feature/v2beta;feature";
 
 message SetInstanceFeaturesRequest{
-  reserved 3, 6;
-  reserved "oidc_legacy_introspection", "actions";
+  reserved 3, 6, 8;
+  reserved "oidc_legacy_introspection", "actions", "web_key";
   optional bool login_default_org = 1 [
     (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
       example: "true";
@@ -49,13 +49,6 @@ message SetInstanceFeaturesRequest{
     }
   ];
 
-  optional bool web_key = 8 [
-    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
-      example: "true";
-      description: "Enable the webkey/v3alpha API. The first time this feature is enabled, web keys are generated and activated.";
-    }
-  ];
-
   optional bool debug_oidc_parent_error = 9 [
     (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
       example: "true";
@@ -91,8 +84,8 @@ message GetInstanceFeaturesRequest {
 }
 
 message GetInstanceFeaturesResponse {
-  reserved 4, 7;
-  reserved "oidc_legacy_introspection", "actions";
+  reserved 4, 7, 9;
+  reserved "oidc_legacy_introspection", "actions", "web_key";
   zitadel.object.v2beta.Details details = 1;
   FeatureFlag login_default_org = 2 [
     (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
@@ -129,13 +122,6 @@ message GetInstanceFeaturesResponse {
     }
   ];
 
-  FeatureFlag web_key = 9 [
-    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
-      example: "true";
-      description: "Enable the webkey/v3alpha API. The first time this feature is enabled, web keys are generated and activated.";
-    }
-  ];
-
   FeatureFlag debug_oidc_parent_error = 10 [
     (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
       example: "true";