Consider enabling UserInfo cache by default for OAuth2 providers #39553

Closed
sberyozkin opened this issue Mar 19, 2024 · 1 comment · Fixed by #39967
Labels
area/oidc kind/enhancement New feature or request
Comments

@sberyozkin (Member)
Description

Right now, with any of the OAuth2 providers which give only an access token, Quarkus does an indirect access token verification to allow access to Quarkus, by requesting UserInfo, which is a provider-specific JSON representing something about the authenticated user.
To control the rate limiting, one has to enable the cache, which can be considered suboptimal.
@Sanne and @FroMage propose to have the cache enabled by default, with Sanne suggesting to warn in the logs to make sure the users are aware, and if the users want they can then explicitly disable it.

Implementation ideas

What needs to be decided is what kind of cache is enabled by default in this case, the default in-memory one or a stateless one where UserInfo is kept in the encrypted cookie.

I guess if the encryption is enabled with a proper secret key size, then it can be kept in the generated ID token in the encrypted cookie.

In the short term, as proposed by @Sanne, a log message advising to enable the cache will be of help.

@sberyozkin sberyozkin added the kind/enhancement New feature or request label Mar 19, 2024
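A configuration sketch of the two cache options the issue contrasts, added here as an illustration; it is not taken from the issue or from the Quarkus project. The property names are those of the Quarkus OIDC extension as the editor knows them and the values (client id, secret, sizes, durations) are placeholders, so check both against the documentation for the Quarkus version in use:

```properties
# Added example, not part of the issue or the Quarkus code base: two ways to stop
# Quarkus from calling the provider's UserInfo endpoint on every request.
# Property names follow the Quarkus OIDC extension; verify them against the docs
# for your Quarkus version. All values below are illustrative placeholders.

quarkus.oidc.provider=github
quarkus.oidc.client-id=${GITHUB_CLIENT_ID}
quarkus.oidc.credentials.secret=${GITHUB_CLIENT_SECRET}
quarkus.oidc.application-type=web-app
# An OAuth2-only provider issues no ID token, so UserInfo is what authenticates the user.
quarkus.oidc.authentication.user-info-required=true

# Option A: the default in-memory cache. It is shared by all users of the instance
# and stays disabled until max-size is set above 0.
quarkus.oidc.token-cache.max-size=1000
quarkus.oidc.token-cache.time-to-live=3M
quarkus.oidc.token-cache.clean-up-timer-interval=1M

# Option B (stateless): keep UserInfo in the internally generated ID token that is
# stored in the encrypted session cookie. The cookie encryption secret must be at
# least 32 characters; keep it out of the properties file (environment/vault).
# quarkus.oidc.cache-user-info-in-idtoken=true
# quarkus.oidc.token-state-manager.encryption-secret=${OIDC_COOKIE_ENCRYPTION_SECRET}
```

Option A bounds the number of UserInfo calls per instance but holds user data in process memory and is lost on restart; option B makes each request self-contained at the cost of a larger cookie and a hard dependency on the encryption secret being strong and kept secret.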

quarkus-bot bot commented Mar 19, 2024

/cc @gwenneg (cache)
