The provider.Verifier.Verify endpoint we were using only works with ID
tokens. This isn't an issue with systems which use ID tokens as access
tokens (e.g. dex), but for systems with opaque access tokens (e.g.
Google / GCP), those access tokens could not be verified.
Instead, check the access token against the getUserInfo endpoint.

Signed-off-by: Sean Liao <sean+git@liao.dev>
Co-authored-by: Maksim Nabokikh <max.nabokih@gmail.com>