feat: capture access token from IdP

[shawnhankim]

Issue Item:

• Capture access token from IdP #54

Background:

• Current NJS implementation disregard the access_token that is being sent by the IdP and only uses the id_token to get stored in the NGINX Plus K/V store.

• Token Recommandation

  When Using	Do	Don't
  ID Token	- Assume the user is authenticated	- Call an API
  	- Get user profile data	- Check if the client is allowed to access something.
  Access Token	- Call an API	- Inspect its content on the client
  	- Check if the client is allowed to access something
  	- Inspect its content on the server side

  courtesy: ID Token and Access Token: What's the Difference?

Description:

• Captured the access_token sent by the IdP.
• Stored the access_token in the k/v store as same as we store id_token and refresh_token
• Some contents of README.md file is automatically changed by IDE. (e.g., * -> -)

Compatibility:

• This PR does not block the existing features as it just adds access_token.

Exceptions:

• The example of API authorization will be separately provided in the other PR.
• The OIDC simulation tool (a bundle SPA and Docker environment for app) will be separately provided in the other PR to test the API authorization using this access_token.

[shawnhankim]

Per discussion with @route443 , I close this PR and have consolidated it into #62. The doc PR will be separately raised.