Improve docs on `force_provider_authentication`

[adombeck]

We've had reports that users expect the force_provider_authentication setting to always require device authentication during login. That's not the case, it instead forces a token refresh during login, which fails if the user does not have the necessary permissions in the identity provider. That is documented in the comment in the broker.conf file:

authd/authd-oidc-brokers/conf/variants/oidc/broker.conf

Lines 16 to 17 in 6ebaca8

	## This works by forcing a token refresh during login, which fails if the
	## user does not have the necessary permissions in the identity provider.

but it's not documented in https://documentation.ubuntu.com/authd/edge-docs/howto/configure-authd/#force-remote-authentication-with-the-identity-provider.

We should also consider whether the name is misleading and whether there is a better name for the setting (force_provider_permission_check?).

[shiv-tyagi]

We should also consider whether the name is misleading and whether there is a better name for the setting

What about force_token_refresh? I tells what it does.

[adombeck]

What about force_token_refresh? I tells what it does.

That's the technical description of what it does but the idea behind the current name is to describe the benefit it provides.