completeAuthorization() passes is_new to saveUserinfo() but not to the $context variable checked afterwards

Problem/Motivation

When a new user registers through OpenID Connect with the registration mode set to "Visitors — administrator approval is required", the authorization flow displays a misleading error message even though the registration succeeds.
The error shown is:
> Error message: The username name has not been activated or is blocked.
This happens in OpenIDConnect::completeAuthorization() (line 456 of src/OpenIDConnect.php):
// Line 456: is_new is passed as a merge argument to saveUserinfo()
$this->saveUserinfo($account, $context + ['is_new' => TRUE]);
However, is_new is never set on the $context variable itself. Later, on line 462:
// Line 462: $context['is_new'] is checked — but it was never set on $context

if (empty($context['is_new'])) {
    $this->messenger->addError($this->t('The username %name has not been activated or is blocked.', [
        '%name' => $account->getAccountName(),
    ]));
}

Since $context['is_new'] was never assigned, empty() is always TRUE, and the error message is displayed for every blocked new user — even though registration succeeded and the account was correctly created with status 0 (blocked/pending approval).
This means hook_openid_connect_userinfo_save() implementations receive is_new => TRUE via the merged context, but the blocked-user check in completeAuthorization() does not see it because it reads from the original $context array.

Steps to reproduce

1. Configure OpenID Connect with a provider (e.g., Google)
2. Set registration to "Visitors — administrator approval is required" at /admin/config/people/accounts
3. Log out and register a new account via the OpenID Connect button
4. Observe the "Error message: The username X has not been activated or is blocked." message after successful registration
5. Check the user table — the account was created correctly with status 0
Expected behavior
For newly created accounts in administrative approval mode, the "has not been activated or is blocked" error should not be displayed. The user should only see the informational message:
> Thank you for applying for an account. Your account is currently pending approval by the site administrator.
The is_new flag should be available in $context for the blocked-user check, just as it is for hook_openid_connect_userinfo_save().

Proposed resolution

Set is_new on the $context variable directly before the blocked-user check, so both saveUserinfo() and the subsequent conditional read from the same source of truth:
// Store the newly created account.
$context['is_new'] = TRUE;
$this->saveUserinfo($account, $context);
This removes the + ['is_new' => TRUE] merge and instead sets it on $context beforehand, ensuring consistency between the hook and the blocked-user check.

Remaining tasks

- [ ] Implement the fix in OpenIDConnect::completeAuthorization()
- [ ] Add a test case for new user registration with REGISTER_VISITORS_ADMINISTRATIVE_APPROVAL that verifies no error message is displayed
- [ ] Verify that existing hook_openid_connect_userinfo_save() implementations still receive is_new correctly

User interface changes

The misleading "Error message" container will no longer appear for new OIDC registrations. Users will only see the correct informational message about pending approval.

API changes

None. The fix aligns the actual behavior with the documented intent — is_new is already expected to be available in $context by both saveUserinfo() and the blocked-user check.

Data model changes

None.