feat: add option for insecure service account authentication

src/Zitadel/Credentials/ServiceAccount.cs

@@ -134,7 +134,7 @@ public async Task<string> AuthenticateAsync(string audience, AuthOptions? authOp
             var manager = new ConfigurationManager<OpenIdConnectConfiguration>(
                 authOptions.DiscoveryEndpoint ?? DiscoveryEndpoint(audience),
                 new OpenIdConnectConfigurationRetriever(),
-                new HttpDocumentRetriever(HttpClient));
+                new HttpDocumentRetriever(HttpClient) { RequireHttps = authOptions.RequireHttps ?? true });
 
             var oidcConfig = await manager.GetConfigurationAsync();
 
@@ -246,6 +246,11 @@ public record AuthOptions
             /// </summary>
             public string? DiscoveryEndpoint { get; init; }
 
+            /// <summary>
+            /// Requires Https secure channel for sending requests. This is turned ON by default for security reasons. It is RECOMMENDED that you do not allow retrieval from http addresses by default.
+            /// </summary>
+            public bool? RequireHttps { get; init; }
+
             /// <summary>
             /// Set a list of roles that must be attached to this service account to be
             /// successfully authenticated. Translates to the role scope ("urn:zitadel:iam:org:project:role:{Role}").