feat(oidc): id token for device authorization (#7088)

* cleanup todo

* pass id token details to oidc

* feat(oidc): id token for device authorization

This changes updates to the newest oidc version,
so the Device Authorization grant can return ID tokens when
the scope `openid` is set.
There is also some refactoring done, so that the eventstore can be
queried directly when polling for state.
The projection is cleaned up to a minimum with only data required for the login UI.

* try to be explicit wit hthe timezone to fix github

* pin oidc v3.8.0

* remove TBD entry

internal/repository/deviceauth/constraints.go

@@ -1,8 +1,6 @@
 package deviceauth
 
 import (
-	"strings"
-
 	"github.com/zitadel/zitadel/internal/eventstore"
 )
 
@@ -13,15 +11,11 @@ const (
 	DuplicateDeviceCode = "Errors.DeviceCode.AlreadyExists"
 )
 
-func deviceCodeUniqueField(clientID, deviceCode string) string {
-	return strings.Join([]string{clientID, deviceCode}, ":")
-}
-
-func NewAddUniqueConstraints(clientID, deviceCode, userCode string) []*eventstore.UniqueConstraint {
+func NewAddUniqueConstraints(deviceCode, userCode string) []*eventstore.UniqueConstraint {
 	return []*eventstore.UniqueConstraint{
 		eventstore.NewAddEventUniqueConstraint(
 			UniqueDeviceCode,
-			deviceCodeUniqueField(clientID, deviceCode),
+			deviceCode,
 			DuplicateDeviceCode,
 		),
 		eventstore.NewAddEventUniqueConstraint(
@@ -32,11 +26,11 @@ func NewAddUniqueConstraints(clientID, deviceCode, userCode string) []*eventstor
 	}
 }
 
-func NewRemoveUniqueConstraints(clientID, deviceCode, userCode string) []*eventstore.UniqueConstraint {
+func NewRemoveUniqueConstraints(deviceCode, userCode string) []*eventstore.UniqueConstraint {
 	return []*eventstore.UniqueConstraint{
 		eventstore.NewRemoveUniqueConstraint(
 			UniqueDeviceCode,
-			deviceCodeUniqueField(clientID, deviceCode),
+			deviceCode,
 		),
 		eventstore.NewRemoveUniqueConstraint(
 			UniqueUserCode,