A recent Kansas outage resulted in signins failing because the userinfo call we use to verify user whitelists was returning an error.

Guidance from Gaia is to use the id_token returned when we mint our refresh token, and parse/extract the hd parameter from that instead, saving an extra backend call.

Looks like we can extract that information and store it in UserContext and pass this through into the LoginPerformer.