OIDC login flow - code cleanup

This was fixed up enough in the original code. However, with the substantial changes underway to the flow, this should happen in line with the development and can be reviewed later.

Commit 8df5290a929ad6cf35605f4f1e66cd1781d2170a adds all Javadoc subject to scrutiny. 

It stands out that quite a bit of the OIDC token validation logic, which in places is incomplete, may be better served by passing more of it over to Nimbus e.g. using the com.nimbusds.openid.connect.sdk.validators.IDTokenValidator or similar (would need to check current version of Nimbus). However that is a bigger issue than this ticket. 

• Commit (462c1cd23db54cfc37bb7787682cb9759fd4e270) adds any missing @Nonnull and @Nullable annotations - also one or two others were appropriate. 

  • As best I could get these to match to the various contracts inc. Nimbus, the code still contains a few uses of potentially nullable variables - Although if the flow is guaranteed, the class that builds the OpenIDConnect context will set these values. 

 * Added the apache 2.0 license header to OIDC source files and included the MIT Licence for CSC in the idp-distribution (commit c36bde17d5b24e446289bea1302b402181a38230). 

Not being a particular area of expertise but…both MIT and Apache 2.0 licenses are permissive and compatible (MIT being a subset of Apache 2.0).  The only requirement is to ‘preserve the MIT notice’. Hence, as is the case of the JQuery MIT license in the IdP, I included the CSC MIT license in the idp-distribution resources/doc folder. 

•  Improve abbreviation (OIDC and ID) usage in names. Improve variable names. (commit b711b334f83d9559b3d221b0df00dfbea0957aa7)