add initial version of keycloak extension

[HarshCasper]

Summary

• Add Keycloak extension for LocalStack using Docker sidecar pattern
• Pre-configure default realm with OAuth2 client, admin/user roles, and service account
• Auto-register Keycloak as OIDC identity provider in LocalStack IAM for AssumeRoleWithWebIdentity flows
• Include sample app demonstrating API Gateway + Lambda Authorizer with JWT validation and role-based access control
• Provide Makefile automation for extension installation, sample app deployment, and testing

[remotesynth]

I went through the basic readme and the sample app aspects and it worked fine.

[whummer]

Looks great, kudos for driving this @HarshCasper ! 🚀

I've checked out the changes and did some local testing - the sample app deploys nicely, and tests are passing. 👌

(Side note: Weirdly, there were some issues with running in EXTENSION_DEV_MODE=1 dev mode with the new standalone CLI /cc @silv-io - but could also have been an issue in my local setup, will investigate further..)

[whummer]

nit: The egg here needs to match the extension name. We could either rename the extension to localstack-keycloak in pyproject.toml, or update the command here to use localstack-keycloak. (We don't currently follow a consistent pattern, but I would probably prefer the former, as localstack-keycloak seems a bit shorter, and we've also used this pattern for the wiremock extension recently.)