Added support for extension_fhirUser claim for SMART auth #3564

Merged Oct 24, 2023 (2 commits)

@namalu (Member) commented Oct 18, 2023

Description

This PR adds support for extension_fhirUser token claim which can be used with Azure B2C to map FHIR user resources with B2C user accounts. This PR also removes support for sending FHIR user data in a request header.

Milestone S126

Testing

Manual testing was performed to ensure these changes work with Azure B2C.
Unit tests have been updated to ensure code quality and guard against regression.

FHIR Team Checklist

  • Update the title of the PR to be succinct and less than 65 characters
  • Add a milestone to the PR for the sprint that it is merged (i.e. add S47)
  • Tag the PR with the type of update: Bug, Build, Dependencies, Enhancement, New-Feature or Documentation
  • Tag the PR with Open source, Azure API for FHIR (CosmosDB or common code) or Azure Healthcare APIs (SQL or common code) to specify where this change is intended to be released.
  • Tag the PR with Schema Version backward compatible or Schema Version backward incompatible or Schema Version unchanged if this adds or updates Sql script which is/is not backward compatible with the code.
  • CI is green before merge Build Status
  • Review squash-merge requirements

Semver Change (docs)

Patch|Skip|Feature|Breaking (reason)

@namalu requested a review from a team as a code owner October 18, 2023 18:49
@namalu added the Enhancement and Azure Healthcare APIs labels Oct 18, 2023
@namalu added this to the S126 milestone Oct 18, 2023
{
fhirUser = hValue.ToString();
}
// The "fhirUser" claim is not present, check if the "extension_fhirUser" claim is present.
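
Review bot: on the fallback comment that closes this hunk, "not present" is ambiguous, because the assignment above stores hValue.ToString() as-is and nothing visible here says whether an empty or whitespace-only fhirUser value counts as absent. If it counts as present, the extension_fhirUser check would be skipped and the request would carry an empty FHIR user. Suggest testing the value with string.IsNullOrWhiteSpace before skipping the fallback, and stating in the comment that fhirUser takes precedence when both claims carry a value.
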
Contributor

We did discuss that if the extension_fhirUser and fhirUser claims were both present and did not agree, we should throw an exception.

It does seem clean here that we simply prefer fhirUser, and only check extension_fhirUser if necessary. I am open to leaving it as is, or adding the exception logic.

Member Author

I'm inclined to leave this as is. Because the claims are generated and signed by the issuer, I don't think having a preference for one claim over another raises a security concern. Also, other than significant human error, I would imagine that if both claims did exist they would likely point to the same FHIR resource.

@namalu merged commit 31d4d65 into main Oct 24, 2023
@namalu deleted the personal/namalu/support-extension-fhir-user-claim branch October 24, 2023 16:26
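
The two behaviours weighed in the review thread above (prefer `fhirUser` and fall back to `extension_fhirUser`, or additionally reject a token whose two claims disagree), shown side by side as an added example that is not the PR's code. `FhirUserClaimResolver`, `Resolve`, `Normalize`, `Build` and the `strict` flag are hypothetical names, the claim values are constructed, and treating an empty value as absent is an assumption.

```csharp
using System;
using System.Security.Claims;

// Hypothetical helper (not from the PR): picks the FHIR user from already-validated token claims.
public static class FhirUserClaimResolver
{
    // Claim names as they appear in the PR discussion.
    private const string FhirUserClaim = "fhirUser";
    private const string ExtensionFhirUserClaim = "extension_fhirUser";

    // strict == false: prefer fhirUser, fall back to extension_fhirUser.
    // strict == true: same preference, but reject a token whose two claims disagree.
    // Assumption: an empty or whitespace-only value is treated as "claim not present".
    public static string Resolve(ClaimsPrincipal principal, bool strict)
    {
        string primary = Normalize(principal.FindFirst(FhirUserClaim)?.Value);
        string fallback = Normalize(principal.FindFirst(ExtensionFhirUserClaim)?.Value);

        if (strict && primary != null && fallback != null
            && !string.Equals(primary, fallback, StringComparison.Ordinal))
        {
            throw new InvalidOperationException(
                "fhirUser and extension_fhirUser are both present but differ.");
        }
        return primary ?? fallback; // null when neither claim is usable
    }

    private static string Normalize(string value) =>
        string.IsNullOrWhiteSpace(value) ? null : value.Trim();
}

public static class Program
{
    // Builds a constructed principal; all claim values below are sample data.
    private static ClaimsPrincipal Build(params (string Type, string Value)[] claims)
    {
        var identity = new ClaimsIdentity("constructed-sample");
        foreach (var (type, value) in claims) identity.AddClaim(new Claim(type, value));
        return new ClaimsPrincipal(identity);
    }

    public static void Main()
    {
        var b2cOnly = Build(("extension_fhirUser", "https://fhir.example/Patient/123"));
        var both = Build(("fhirUser", "https://fhir.example/Patient/123"),
                         ("extension_fhirUser", "https://fhir.example/Patient/456"));
        Console.WriteLine(FhirUserClaimResolver.Resolve(b2cOnly, strict: false));
        Console.WriteLine(FhirUserClaimResolver.Resolve(both, strict: false));
        try { FhirUserClaimResolver.Resolve(both, strict: true); }
        catch (InvalidOperationException ex) { Console.WriteLine(ex.Message); }
    }
}
```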