[PM-33164] Fix OIDC response_mode to use spec-compliant default

[boris324]

Fixes #5461

Summary

Changed the hardcoded response_mode from form_post to query for external IdP OIDC configurations in DynamicAuthenticationSchemeProvider.

Per the OpenID Connect Discovery 1.0 spec, when the response_modes_supported field is omitted from the IdP discovery document, the default supported modes are query and fragment — not form_post.

This fix resolves SSO login failures with strict IdPs (e.g., Kanidm) that do not support form_post and actively reject requests using it. The query mode is already what Bitwarden accepts on the callback path, so this change aligns the request with actual behavior.

Test plan

• Verify SSO login works with IdPs that only support query response mode
• Verify SSO login still works with IdPs that support both query and form_post
• Check that the OIDC authorization redirect uses response_mode=query

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[bitwarden-bot]

Thank you for your contribution! We've added this to our internal tracking system for review.
ID: PM-33164
Link: https://bitwarden.atlassian.net/browse/PM-33164

Details on our contribution process can be found here: https://contributing.bitwarden.com/contributing/pull-requests/community-pr-process.