fix(oidc): store requested response_mode (#8145)

# Which Problems Are Solved

Zitadel never stored or returned the requested `response_mode` in oidc
Auth Requests. This caused the oidc library to fallback to the default
based on the response_type.

# How the Problems Are Solved

- Store the `response_mode` in the Auth request repo
- Store the `response_mode` in the Auth request v2 events
- Return the `response_mode` from the Auth Request v1 and v2
`ResponseMode()` methods. (Was hard-coded to an empty string)

# Additional Changes

- Populate the `response_modes_supported` to the oidc Discovery
Configuration. When it was empty, the standard specifies the default of
`query` and `fragment`. However, our oidc library also supports
`form_post` and by this fix, zitadel now also supports this.

# Additional Context

- Closes #6586
- Reported
https://discord.com/channels/927474939156643850/1151508313717084220

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
This commit is contained in:
Tim Möhlmann
2024-06-17 12:50:12 +03:00
committed by GitHub
parent 85d7536d44
commit 1aa8c49e41
15 changed files with 287 additions and 20 deletions


@@ -54,6 +54,7 @@ func TestCommands_AddAuthRequest(t *testing.T) {
[]string{"openid"},
[]string{"audience"},
domain.OIDCResponseTypeCode,
domain.OIDCResponseModeQuery,
nil,
nil,
nil,
@@ -89,6 +90,7 @@ func TestCommands_AddAuthRequest(t *testing.T) {
[]string{"openid"},
[]string{"audience"},
domain.OIDCResponseTypeCode,
domain.OIDCResponseModeQuery,
&domain.OIDCCodeChallenge{
Challenge: "challenge",
Method: domain.CodeChallengeMethodS256,
@@ -115,6 +117,7 @@ func TestCommands_AddAuthRequest(t *testing.T) {
Scope: []string{"openid"},
Audience: []string{"audience"},
ResponseType: domain.OIDCResponseTypeCode,
ResponseMode: domain.OIDCResponseModeQuery,
CodeChallenge: &domain.OIDCCodeChallenge{
Challenge: "challenge",
Method: domain.CodeChallengeMethodS256,
@@ -137,6 +140,7 @@ func TestCommands_AddAuthRequest(t *testing.T) {
Scope: []string{"openid"},
Audience: []string{"audience"},
ResponseType: domain.OIDCResponseTypeCode,
ResponseMode: domain.OIDCResponseModeQuery,
CodeChallenge: &domain.OIDCCodeChallenge{
Challenge: "challenge",
Method: domain.CodeChallengeMethodS256,
@@ -220,6 +224,7 @@ func TestCommands_LinkSessionToAuthRequest(t *testing.T) {
[]string{"openid"},
[]string{"audience"},
domain.OIDCResponseTypeCode,
domain.OIDCResponseModeQuery,
nil,
nil,
nil,
@@ -261,6 +266,7 @@ func TestCommands_LinkSessionToAuthRequest(t *testing.T) {
[]string{"openid"},
[]string{"audience"},
domain.OIDCResponseTypeCode,
domain.OIDCResponseModeQuery,
nil,
nil,
nil,
@@ -300,6 +306,7 @@ func TestCommands_LinkSessionToAuthRequest(t *testing.T) {
[]string{"openid"},
[]string{"audience"},
domain.OIDCResponseTypeCode,
domain.OIDCResponseModeQuery,
nil,
nil,
nil,
@@ -338,6 +345,7 @@ func TestCommands_LinkSessionToAuthRequest(t *testing.T) {
[]string{"openid"},
[]string{"audience"},
domain.OIDCResponseTypeCode,
domain.OIDCResponseModeQuery,
nil,
nil,
nil,
@@ -399,6 +407,7 @@ func TestCommands_LinkSessionToAuthRequest(t *testing.T) {
[]string{"openid"},
[]string{"audience"},
domain.OIDCResponseTypeCode,
domain.OIDCResponseModeQuery,
nil,
nil,
nil,
@@ -449,6 +458,7 @@ func TestCommands_LinkSessionToAuthRequest(t *testing.T) {
[]string{"openid"},
[]string{"audience"},
domain.OIDCResponseTypeCode,
domain.OIDCResponseModeQuery,
nil,
nil,
nil,
@@ -513,6 +523,7 @@ func TestCommands_LinkSessionToAuthRequest(t *testing.T) {
Scope: []string{"openid"},
Audience: []string{"audience"},
ResponseType: domain.OIDCResponseTypeCode,
ResponseMode: domain.OIDCResponseModeQuery,
},
SessionID: "sessionID",
UserID: "userID",
@@ -535,6 +546,7 @@ func TestCommands_LinkSessionToAuthRequest(t *testing.T) {
[]string{"openid"},
[]string{"audience"},
domain.OIDCResponseTypeCode,
domain.OIDCResponseModeQuery,
nil,
nil,
nil,
@@ -600,6 +612,7 @@ func TestCommands_LinkSessionToAuthRequest(t *testing.T) {
Scope: []string{"openid"},
Audience: []string{"audience"},
ResponseType: domain.OIDCResponseTypeCode,
ResponseMode: domain.OIDCResponseModeQuery,
},
SessionID: "sessionID",
UserID: "userID",
@@ -678,6 +691,7 @@ func TestCommands_FailAuthRequest(t *testing.T) {
[]string{"openid"},
[]string{"audience"},
domain.OIDCResponseTypeCode,
domain.OIDCResponseModeQuery,
nil,
nil,
nil,
@@ -712,6 +726,7 @@ func TestCommands_FailAuthRequest(t *testing.T) {
Scope: []string{"openid"},
Audience: []string{"audience"},
ResponseType: domain.OIDCResponseTypeCode,
ResponseMode: domain.OIDCResponseModeQuery,
},
},
},
@@ -773,6 +788,7 @@ func TestCommands_AddAuthRequestCode(t *testing.T) {
[]string{"openid"},
[]string{"audience"},
domain.OIDCResponseTypeCode,
domain.OIDCResponseModeQuery,
&domain.OIDCCodeChallenge{
Challenge: "challenge",
Method: domain.CodeChallengeMethodS256,
@@ -810,6 +826,7 @@ func TestCommands_AddAuthRequestCode(t *testing.T) {
[]string{"openid"},
[]string{"audience"},
domain.OIDCResponseTypeCode,
domain.OIDCResponseModeQuery,
&domain.OIDCCodeChallenge{
Challenge: "challenge",
Method: domain.CodeChallengeMethodS256,