Create cookie authmech tied to an OIDC token #1011

@mlbiam

Description

Create an AuthMech that will validate a cookie tied to the id_token in the Authorization header. This lets us better support single-page applications that need tokens for alternative audiences. This way an attacker will need to have both the user's id_token and the cookie. This way, if the id_token is leaked by a service.
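One way a cookie could be tied to the id_token, shown as an added example that is not part of the issue and not the project's code. The binding scheme (HMAC-SHA256 over a hash of the token), the key handling, and all function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import secrets

# Constructed server-side secret (assumption); a deployment would load it from a secret store.
BINDING_KEY = secrets.token_bytes(32)


def issue_binding_cookie(id_token: str, key: bytes = BINDING_KEY) -> str:
    """Value for an HttpOnly/Secure cookie set at login, bound to this exact id_token."""
    digest = hashlib.sha256(id_token.encode("utf-8")).digest()
    mac = hmac.new(key, digest, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).rstrip(b"=").decode("ascii")


def bearer_token(authorization_header):
    """Extract the token from 'Authorization: Bearer <token>', or None if malformed."""
    if not authorization_header:
        return None
    scheme, _, token = authorization_header.partition(" ")
    token = token.strip()
    if scheme.lower() != "bearer" or not token:
        return None
    return token


def validate_request(authorization_header, cookie_value, key: bytes = BINDING_KEY) -> bool:
    """True only when the request carries both the id_token and its matching cookie.

    This check is in addition to normal id_token validation (signature, issuer,
    audience, expiry), which is out of scope here.
    """
    token = bearer_token(authorization_header)
    if token is None or not cookie_value:
        return False
    expected = issue_binding_cookie(token, key)
    # Constant-time comparison on bytes so non-ASCII cookie input cannot raise.
    return hmac.compare_digest(expected.encode("ascii"), cookie_value.encode("utf-8"))
```

With this scheme, a service that receives only the Authorization header never sees the cookie, so the token alone fails `validate_request`.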
