Step Up Authentication improvements


Dominik Schlosser

Nov 9, 2023, 7:14:42 AM
to Keycloak Dev
Dear Keycloak Developers,

My client is trying to use Step Up Authentication in a rather complex setup and struggles with the current implementation in Keycloak.
Thus I would like to propose some improvements to increase the flexibility of this feature:

1. Make the ACR-to-LoA mapping an SPI so the strategy for determining the requested LoA can be customized. I created a PR for this: https://github.com/keycloak/keycloak/pull/24594

2. Right now, Step Up Authentication only works if you use ConditionalLoaAuthenticators, which basically dictates splitting the authentication flow by LoA value. This would not be feasible for our client, since there would be a lot of duplication for all possible LoA values (and there are a lot of possible values), making the flow really big and hard to maintain.
We tried to circumvent that and just use AcrStore to set the current level in a custom authenticator, but this doesn't work, since AcrStore sets the maxAge value to the value configured in the corresponding ConditionalLoaAuthenticator in the browser flow of the current realm, and 0 (expires immediately) as the default.
For us, just changing the default of 0 to a bigger value (effectively infinite in our case) would help, but this should be configurable or a parameter in AcrStore to be usable by everyone.
I could open a PR to add a parameter to AcrStore.setLevelAuthenticated and AcrStore.setLevelAuthenticatedToCurrentRequest if you want.

Thank you for your time.

Kind regards,
Dominik
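The custom-authenticator approach described in point 2 of the message above, as an added example that is not part of the original post and not code from Keycloak or from the post's author. It reads the LoA to assert from its own authenticator config (the config key `loa.level`, the class name and the package are assumptions made for this example) and records it through AcrStore.setLevelAuthenticated. The two-argument AcrStore constructor is also an assumption about the Keycloak version in use. As the post explains, the recorded level is only kept for the maxAge of a ConditionalLoaAuthenticator configured for that level in the realm's browser flow, and expires immediately otherwise, which is the limitation the proposal wants to make configurable.

```java
package example.stepup; // hypothetical package, not part of Keycloak

import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.Authenticator;
import org.keycloak.authentication.authenticators.util.AcrStore;
import org.keycloak.models.AuthenticatorConfigModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;

/**
 * Illustrative custom authenticator (example code, not from Keycloak or from the
 * post's author). It marks the current authentication as having reached a LoA
 * taken from its own config instead of relying on one ConditionalLoaAuthenticator
 * per level. The config key "loa.level" is an assumption for this example.
 */
public class ConfiguredLevelAuthenticator implements Authenticator {

    // Hypothetical config property name used by this example.
    static final String CONFIG_LEVEL = "loa.level";

    @Override
    public void authenticate(AuthenticationFlowContext context) {
        int level = readLevel(context.getAuthenticatorConfig());
        if (level < 0) {
            // Missing or malformed level: assert no LoA, but let the flow continue.
            // A stricter deployment might fail the flow here instead.
            context.attempted();
            return;
        }

        // Assumption: the (session, authSession) constructor of the Keycloak version
        // in use; older versions exposed a constructor taking only the auth session.
        AcrStore acrStore = new AcrStore(context.getSession(), context.getAuthenticationSession());

        // Per the post above, this records the level with a maxAge taken from the
        // ConditionalLoaAuthenticator configured for that level in the realm's browser
        // flow, and with 0 (expires immediately) when no such authenticator exists.
        acrStore.setLevelAuthenticated(level);
        context.success();
    }

    /** Parses the configured level; returns -1 for anything that is not a non-negative int. */
    static int readLevel(AuthenticatorConfigModel config) {
        if (config == null || config.getConfig() == null) {
            return -1;
        }
        String raw = config.getConfig().get(CONFIG_LEVEL);
        if (raw == null) {
            return -1;
        }
        try {
            int level = Integer.parseInt(raw.trim());
            return level >= 0 ? level : -1;
        } catch (NumberFormatException e) {
            return -1;
        }
    }

    @Override
    public void action(AuthenticationFlowContext context) {
        // Nothing to do: this authenticator never renders a form.
    }

    @Override
    public boolean requiresUser() {
        return true; // a LoA is only meaningful once the authenticating user is known
    }

    @Override
    public boolean configuredFor(KeycloakSession session, RealmModel realm, UserModel user) {
        return true;
    }

    @Override
    public void setRequiredActions(KeycloakSession session, RealmModel realm, UserModel user) {
        // No required actions are set by this authenticator.
    }

    @Override
    public void close() {
        // No resources to release.
    }
}
```

The authenticator would still need the usual AuthenticatorFactory and a `META-INF/services/org.keycloak.authentication.AuthenticatorFactory` entry to be registered; those are omitted here. The example is deliberately placed after the credential step in the flow (`requiresUser()` returns true) so the level is only asserted for an identified user.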