Description
Is your feature request related to a problem? Please describe.
Some OpenID Connect Identity Providers have features that require extra arguments to be passed in the query string of the authentication request. The way the ingress controller currently constructs the query string doesn't allow for additional arguments to be inserted.
Keycloak, for example, allows the auth request to specify a preferred provider to delegate to via the "kc_idp_hint" parameter (e.g. "kc_idp_hint=facebook").
Describe the solution you'd like
The OIDC Policy object could allow extra arguments to be configured. If any extra arguments are present in the Policy they would be added to the query string when the auth request is constructed.
I have implemented a solution in PR #3034.
Describe alternatives you've considered
I looked for other ways of getting extra arguments into the auth request, but all of the components are either subject to strict validations or are used in other places where extra arguments are not appropriate.
Additional context
See the Keycloak documentation at https://www.keycloak.org/docs/latest/server_admin/#_client_suggested_idp for more information about their IdP hint feature.
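As an added illustration of the request above (example code written for this page, not the ingress controller's own implementation and not the contents of PR #3034), the function below builds an OIDC authorization request URL and appends policy-supplied extra arguments. The names `AuthRequest`, `ParseExtraArgs` and `BuildAuthURL` are assumptions for this example. The security-relevant points it shows: extra arguments go through `url.Values` so keys and values are percent-encoded rather than spliced into the query string, and a policy is not allowed to supply an argument whose key is one the controller sets itself (`client_id`, `redirect_uri`, `state`, `nonce`, and so on), since an override of `redirect_uri` would change where the authorization code is delivered.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// reservedParams are authorization-request parameters the controller sets
// itself. A policy-supplied extra argument must not be able to replace them.
// The list is an assumption for this example.
var reservedParams = map[string]bool{
	"client_id":     true,
	"redirect_uri":  true,
	"response_type": true,
	"scope":         true,
	"state":         true,
	"nonce":         true,
}

// AuthRequest holds what the controller already knows when it redirects a
// client to the IdP. The field set is an assumption for this example.
type AuthRequest struct {
	AuthEndpoint string
	ClientID     string
	RedirectURI  string
	Scope        string
	State        string
	Nonce        string
	ExtraArgs    []string // "key=value" entries taken from the OIDC policy
}

// ParseExtraArgs validates policy-supplied "key=value" entries. It rejects
// malformed entries, reserved keys, and duplicate keys, so a bad policy fails
// at configuration time instead of producing a surprising auth request.
func ParseExtraArgs(args []string) (map[string]string, error) {
	out := make(map[string]string, len(args))
	for _, a := range args {
		kv := strings.SplitN(a, "=", 2)
		if len(kv) != 2 || kv[0] == "" {
			return nil, fmt.Errorf("extra arg %q is not of the form key=value", a)
		}
		k, v := kv[0], kv[1]
		if reservedParams[k] {
			return nil, fmt.Errorf("extra arg %q overrides a reserved parameter", k)
		}
		if _, dup := out[k]; dup {
			return nil, fmt.Errorf("extra arg %q is given more than once", k)
		}
		out[k] = v
	}
	return out, nil
}

// BuildAuthURL constructs the authorization request URL. Extra arguments are
// added through url.Values, so a value such as "x&redirect_uri=https://evil"
// is encoded as a single value of kc_idp_hint rather than injecting a second
// parameter. Any query already present on AuthEndpoint is preserved.
func BuildAuthURL(r AuthRequest) (string, error) {
	extra, err := ParseExtraArgs(r.ExtraArgs)
	if err != nil {
		return "", err
	}
	u, err := url.Parse(r.AuthEndpoint)
	if err != nil {
		return "", err
	}
	q := u.Query()
	q.Set("client_id", r.ClientID)
	q.Set("redirect_uri", r.RedirectURI)
	q.Set("response_type", "code")
	q.Set("scope", r.Scope)
	q.Set("state", r.State)
	q.Set("nonce", r.Nonce)
	for k, v := range extra {
		q.Set(k, v)
	}
	u.RawQuery = q.Encode()
	return u.String(), nil
}

func main() {
	// Constructed sample input: a Keycloak realm and the kc_idp_hint from the issue.
	u, err := BuildAuthURL(AuthRequest{
		AuthEndpoint: "https://keycloak.example.com/realms/demo/protocol/openid-connect/auth",
		ClientID:     "my-client",
		RedirectURI:  "https://app.example.com/_codexch",
		Scope:        "openid",
		State:        "abc123",
		Nonce:        "n-42",
		ExtraArgs:    []string{"kc_idp_hint=facebook"},
	})
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Println(u)
}
```

The reserved-key check is the part worth keeping whatever the final field name in the policy turns out to be: allowing a policy to set `redirect_uri` or `state` would let a misconfigured or malicious policy object redirect authorization codes or defeat CSRF protection on the callback.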