Allow providers to pass account attributes such as affiliation.
Required for NFDI, see https://iam.services.base4nfdi.de/attributes/ and #119
To be used in jskos-server for extended access control, see gbv/jskos-server#232
To be discussed:
- some attributes can be modified freely, some are trusted from a particular identity provider
- should attributes be embedded in JWT or passed via web socket?