Use `authlib` util `get_well_known_url` to get the well-known URL for
the OIDC server metadata. This will ensure that the URL is correctly
formatted and does not fail when the OIDC server application URL has a
trailing slash.
Fixes#1430.
Instead of using just strings, this change converts the scopes to a
`StrEnum`, to be compatible with places where a string is expected. This
avoids typos when using these scopes, simplifies searching for usages,
and improves type hints.
An extra change was the fix to the Firmware download endpoint, which
wasn't respecting the `DISABLE_DOWNLOAD_ENDPOINT_AUTH` flag.
As recommended by SQLAlchemy [1], this change makes a single
instantiation of the database engine and session maker, instead of one
entity per handler.
It also uses the provided `URL` constructor to better define the
database URL structure.
[1] https://docs.sqlalchemy.org/en/20/core/connections.html#basic-usage
