Store OpenID cookie secret in settings db and make it unique per instance

src/oidc.js

@@ -710,6 +710,13 @@ async function start() {
         jwksKeys.push(JSON.parse(keyRs256));
     }
 
+    let cookieSecret = await settings.getCookieSecret();
+    if (!cookieSecret) {
+        debug('Generating new cookie secret');
+        cookieSecret = require('crypto').randomBytes(256).toString('base64');
+        await settings.setCookieSecret(cookieSecret);
+    }
+
     const configuration = {
         findAccount,
         renderError,
@@ -740,8 +747,7 @@ async function start() {
         allowOmittingSingleRegisteredRedirectUri: true,
         clients: [],
         cookies: {
-            // FIXME https://github.com/panva/node-oidc-provider/blob/b1c1a9318036c2d3793cc9e668f99937c5c36bc6/lib/helpers/defaults.js#L770
-            keys: [ 'cookiesecret1', 'cookiesecret2' ]
+            keys: [ cookieSecret ]
         },
         pkce: {
             required: function pkceRequired(/*ctx, client*/) {