fix(oidc): ignore algorithm for legacy signer (#9148)

# Which Problems Are Solved

It was possible to set a diffent algorithm for the legacy signer. This
is not supported howerver and breaks the token endpoint.

# How the Problems Are Solved

Remove the OIDC.SigningKeyAlgorithm config option and hard-code RS256
for the legacy signer.

# Additional Changes

- none

# Additional Context

Only RS256 is supported by the legacy signer. It was mentioned in the
comment of the config not to use it and use the webkeys resource
instead.

- closes #9121

cmd/defaults.yaml

@@ -530,9 +530,6 @@ OIDC:
   GrantTypeRefreshToken: true # ZITADEL_OIDC_GRANTTYPEREFRESHTOKEN
   RequestObjectSupported: true # ZITADEL_OIDC_REQUESTOBJECTSUPPORTED
 
-  # Deprecated: The signing algorithm is determined by the generated keys.
-  # Use the web keys resource to generate keys with different algorithms.
-  SigningKeyAlgorithm: RS256 # ZITADEL_OIDC_SIGNINGKEYALGORITHM
   # Sets the default values for lifetime and expiration for OIDC
   # This default can be overwritten in the default instance configuration and for each instance during runtime
   # !!! Changing this after the initial setup will have no impact without a restart !!!