    Don't access email field in get_or_create_user · 14b16df2
    Christian Franke authored
    Not all id providers allow authentication clients to use the email
    scope.
    
    This is especially true under GDPR, when the email is not needed by the
    authentication client to provide its services.
    
    The only usage of the email field in `get_or_create_user` is to print a
    debug message if an unknown user tries to authenticate and automatic
    account creation is disabled.
    
    By abstracting this access by moving it into a new method
    `describe_user_by_claims`, authentication clients which identify users
    by other claims (e.g. `sub`) can now do so without having to
    duplicate large parts of the `get_or_create_user` methods when
    subclassing `OIDCAuthenticationBackend`.
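The subclassing pattern the commit message describes, as an added example that is not code from this commit or the project: `StandInBackend` is a constructed stand-in that models only the flow named above, and `SubBackend`, `filter_users_by_claims`, `create_user_enabled` and the sample claims are assumptions. It shows a backend that identifies users by `sub` and overrides `describe_user_by_claims`, so the email claim is never read, even on the failed-login debug path.

```python
import logging

LOGGER = logging.getLogger("oidc_example")


class StandInBackend:
    """Stand-in for the flow the commit message describes (not the project's code)."""

    def __init__(self, users, create_user_enabled=False):
        self.users = users  # constructed in-memory user store
        self.create_user_enabled = create_user_enabled  # hypothetical switch

    def filter_users_by_claims(self, claims):  # hypothetical lookup hook
        email = claims.get("email")
        return [u for u in self.users if u.get("email") == email] if email else []

    def describe_user_by_claims(self, claims):
        return "email {}".format(claims.get("email"))

    def get_or_create_user(self, claims):
        matches = self.filter_users_by_claims(claims)
        if len(matches) == 1:
            return matches[0]
        if len(matches) > 1:
            raise ValueError("multiple users match the claims")
        if self.create_user_enabled:
            user = dict(claims)
            self.users.append(user)
            return user
        # The only place a description of the unknown user is needed.
        LOGGER.debug("Login failed: no user with %s found", self.describe_user_by_claims(claims))
        return None


class SubBackend(StandInBackend):
    """Identifies users by the `sub` claim and never reads `email`."""

    def filter_users_by_claims(self, claims):
        sub = claims.get("sub")
        return [u for u in self.users if u.get("sub") == sub] if sub else []  # no sub: match nobody

    def describe_user_by_claims(self, claims):
        return "sub {}".format(claims.get("sub"))


# Constructed sample data: the ID provider released no email claim.
USERS = [{"sub": "a1b2", "name": "alice"}]
CLAIMS_KNOWN = {"sub": "a1b2"}
CLAIMS_UNKNOWN = {"sub": "zz99"}
```

The empty-claim guard in both lookups matters: without it, a token lacking the identifying claim would compare `None == None` and match any stored user that also lacks that field.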