Add support for WebAuth
Upstream Docs: https://github.com/OpenVPN/openvpn3/blob/master/doc/webauth.md#auth-token-usage
Since OpenVPN 2.6, its much easier to setup an SSO based auth workflow. While a dedicated OpenVPN Management Process was needed before, OpenVPN 2.6 introduce new option to offer deferred authentication via auth-user-pass-verify scripts.
With deferred authentication, the OpenVPN server can send a URL to an client to handle the authentication. In theory, Users does not need to provide client certificates or username/password. The authenticated can be completely handled outside of OpenVPN instead users login into company IDP (e.g. Keycloak) and after login, the OpenVPN authentication will be resolved automatically.
While the most functionally is done in OpenVPN itself, NetworkManager-openvpn need to react to the WEBAUTH server response and the URL locally. Additionally, NetworkManager-openvpn must sent IV_SSO=1 to advertise support for WebAuth.
I'm developing a auth-user-pass-verify script to setup SSO support for OpenVPN: https://github.com/jkroepke/openvpn-auth-oauth2