In some flows with "openid" profile-related scopes, the identity provider sends an id_token together with the access_token or authorization_code to the app. In these cases, save the id_token immediately in the session instead of having app code later make additional round trips to the identity provider's token endpoint to ask for the id_token again.
See https://developers.google.com/identity/openid-connect/openid-connect and https://learn.microsoft.com/en-us/azure/active-directory-b2c/authorization-code-flow.
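
An added example, not part of the original text or its project, of saving the id_token at the moment the token response is handled, with its claims checked before anything is written to the session. The names store_tokens, make_sample_id_token and the session key oidc_nonce are hypothetical, and the session is assumed to be dict-like. It assumes the response was fetched directly from the token endpoint over TLS, so the signature check is left out; an id_token that reaches the app through the browser alongside an authorization_code needs its signature verified against the provider's published keys before it is stored.

```python
import base64
import json
import time


def _decode_segment(segment):
    """Decode one base64url-encoded JWT segment into a dict."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def store_tokens(session, token_response, issuer, client_id, now=None):
    """Check the id_token claims, then save both tokens in the session.

    Returns the claims, or None when the response carried no id_token.
    The JWS signature is NOT verified here (assumption: back-channel TLS).
    """
    now = time.time() if now is None else now
    id_token = token_response.get("id_token")
    if id_token is None:
        session["access_token"] = token_response["access_token"]
        return None
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("id_token is not a three-part compact JWT")
    claims = _decode_segment(parts[1])
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    expected_nonce = session.pop("oidc_nonce", None)  # hypothetical key, single use
    if claims.get("iss") != issuer:
        raise ValueError("unexpected issuer")
    if client_id not in audiences:
        raise ValueError("token not issued for this client")
    if claims.get("exp", 0) <= now:
        raise ValueError("id_token expired")
    if expected_nonce is not None and claims.get("nonce") != expected_nonce:
        raise ValueError("nonce mismatch")
    # Nothing is written until every check has passed.
    session["access_token"] = token_response["access_token"]
    session["id_token"] = id_token
    session["id_token_claims"] = claims
    return claims


def make_sample_id_token(claims):
    """Constructed sample input: an id_token with a placeholder signature."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "c2ln"])
```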