Add a federated identity guide (#41779)

* Draft a federated identity guide

* Update files/en-us/web/security/authentication/federated_identity/index.md

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

* Update files/en-us/web/security/authentication/federated_identity/index.md

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

* back-channel logout example sentence

* OP->IdP

* Clearer language

* ...

* ...

* Clarify authorization code injection

* Reword client id preamble

* Update CSRF description

* Add a section on FedCM

* Link to BCP

* Mention PKCE downgrade attacks

* Recommend client auth based on public-key crypto

* Add sections on choosing idps and a summary

* Update wording for client secret

* clarify that PKCE is not used when the attacks work

* Apply suggestions from code review

Co-authored-by: Hamish Willee <[email protected]>

* Hint that client===RP

* Review feedback

---------

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Hamish Willee <[email protected]>

Author: 3 people