Fix Keycloak logout parameters #378

Open
anncatton opened this issue Mar 31, 2023 · 0 comments
@anncatton

When Keycloak was upgraded to v20, the redirect_uri was deprecated, and new parameters are required to align with the OpenID spec, as outlined here: https://www.keycloak.org/docs/latest/upgrading/#openid-connect-logout

Logging out now gives an invalid_parameter error, and the client cannot redirect back to the portal UI.

There are 2 options:

  1. Get rid of the Keycloak logout portion altogether, and treat this like our other Ego "logouts" - remove the JWT on the client, and disregard the Keycloak session. This means logging back in to the portal would be similar to using a Google login, with no need to re-authenticate with a password because the session is maintained.
  2. Keep the true Keycloak logout, and modify the portal logout request to use the new parameters client_id and post_logout_redirect_uri that v20 requires. This flow would require the user to confirm logout on Keycloak, and then would redirect back to the client. Ego as it is right now does not store the id_token we would need for a confirmation-less logout (using the param id_token_hint), and will require work to make it compliant in this respect.

**Include on this ticket:**

  • Ensure all URLs are created using url-join, to avoid any invalid string composition.
@leoraba leoraba assigned leoraba and unassigned leoraba Jul 27, 2023
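
Option 2's logout request, as an added example that is not part of the issue or the portal's code: it builds the v20 logout URL with client_id and post_logout_redirect_uri (plus id_token_hint when one is stored), using the built-in WHATWG URL API in place of url-join. The host names, realm, client id and the helper names `joinUrl` and `buildLogoutUrl` are assumptions; the path is Keycloak's OpenID Connect logout endpoint.

```javascript
// Added example. All hosts, realm and client names used with it are constructed.
const LOGOUT_PATH = 'protocol/openid-connect/logout';

// Append path segments to a base URL without doubling or dropping slashes.
// Segments already in the base are kept as-is; new ones are percent-encoded.
function joinUrl(base, ...segments) {
  const url = new URL(base);
  const baseParts = url.pathname.split('/').filter(Boolean);
  const extra = segments
    .flatMap((s) => String(s).split('/'))
    .filter(Boolean)
    .map(encodeURIComponent);
  url.pathname = '/' + [...baseParts, ...extra].join('/');
  return url;
}

// Build the RP-initiated logout URL for Keycloak v20+.
// The deprecated redirect_uri parameter is never emitted.
function buildLogoutUrl({ keycloakBase, realm, clientId, postLogoutRedirectUri, idTokenHint }) {
  // post_logout_redirect_uri is only honoured together with client_id or id_token_hint.
  if (!clientId && !idTokenHint) {
    throw new Error('post_logout_redirect_uri requires client_id or id_token_hint');
  }
  // new URL() throws on relative or malformed input, so only absolute targets pass.
  const target = new URL(postLogoutRedirectUri);
  if (target.protocol !== 'https:' && target.protocol !== 'http:') {
    throw new Error('post_logout_redirect_uri must be an http(s) URL');
  }
  const url = joinUrl(keycloakBase, 'realms', realm, LOGOUT_PATH);
  url.search = '';
  url.hash = '';
  // searchParams encodes the nested URL, so its own ?, & and = survive intact.
  url.searchParams.set('post_logout_redirect_uri', target.href);
  if (clientId) url.searchParams.set('client_id', clientId);
  // With id_token_hint Keycloak can skip the confirmation page described in option 2.
  if (idTokenHint) url.searchParams.set('id_token_hint', idTokenHint);
  return url.href;
}
```

The redirect target must still be registered for the client in Keycloak, which validates it server-side.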