Use "await JSONLD.getInstance()" instead

No longer needed

We can access that API without a token.

See issue #46

It was only used in the demo.

Replace with the event bus for now

In case the login process takes some time we would show a "login"
button which makes the user try to click it. There is a good chance
that aroudn that time we get logged in, so the click will log the user
out.

Avoid that by not showing anything during logging in.

They were hardcoded in more places

Add a scope so we don't have to care about naming conflicts
and set the verison to 0.1.0 since we don't have a stable API yet.

not supported in firefox 68

The keycloak library currently only sends us an event in case the token
is about to expire, which is problematic because there is a time window
where we don't have a new token yet and on mobile the timers used
might be suspended and come too late.

To avoid this we check every 10 seconds that the token is valid for 30
and to work around suspended timers we also check on "visibilitychange"
which should trigger then the website gets visible again after the browser
sleeps.

idpHint is only a login option, not an init one

While this shouldn't make a difference because the callback should
only be called when the token is about to be expiring there
is no reason to keep the old token around.

Just force a refresh always

This makes sure the library version works with the server version.

Ideally we'd also want to check the version so we can error out if a too
old keycloak server is on the other side, but I don't see any public API changes
that would allow us to know if the library is too old.

Fixes #32

it's unused atm

lit-html no longer allows merging them in literals.

Now that we have a separate component for keyclaok we can move those
keycloak specific settings into their own attributes.