feat: allow to configure DataProtection

src/Sitko.Core.App.Web/SitkoCoreWebApplicationBuilder.cs

@@ -88,22 +88,17 @@ protected override void BeforeContainerBuild()
             });
         }
 
-        AddDataProtection();
+        var dataProtectionBuilder = Services.AddDataProtection()
+            .SetApplicationName(BootApplicationContext.Name)
+            .SetDefaultKeyLifetime(TimeSpan.FromDays(90));
+        webOptions.ConfigureDataProtection?.Invoke(dataProtectionBuilder);
+
         ConfigureHealthChecks(Services.AddHealthChecks());
     }
 
     protected virtual IHealthChecksBuilder ConfigureHealthChecks(IHealthChecksBuilder healthChecksBuilder) =>
         healthChecksBuilder;
 
-    private void AddDataProtection() =>
-        ConfigureDataProtection(Services.AddDataProtection());
-
-    protected virtual IDataProtectionBuilder
-        ConfigureDataProtection(IDataProtectionBuilder dataProtectionBuilder) =>
-        dataProtectionBuilder
-            .SetApplicationName(BootApplicationContext.Name)
-            .SetDefaultKeyLifetime(TimeSpan.FromDays(90));
-
     // https://devblogs.microsoft.com/aspnet/upcoming-samesite-cookie-changes-in-asp-net-and-asp-net-core/
     private static void CheckSameSite(HttpContext httpContext, CookieOptions options)
     {
@@ -163,6 +158,8 @@ public class SitkoCoreWebOptions
     public bool AllowAllForwardedHeaders { get; set; } = true;
     public bool EnableStaticFiles { get; set; } = true;
 
+    public Action<IDataProtectionBuilder>? ConfigureDataProtection { get; set; }
+
     public SitkoCoreWebOptions AddCorsPolicy(string name, CorsPolicy policy, bool isDefault = false)
     {
         if (CorsPolicies.ContainsKey(name))