Allow for option to bypass query escaping the auth header credentials #351

Closed


mwielbut

Some (many, it seems) OAuth providers do not adhere to the standard of accepting query escaped credentials. If your client ID or client secret contains non-URL query characters they will be rejected by the OAuth provider.
The current implementation always query escapes the client_id and client_secret:
req.SetBasicAuth(url.QueryEscape(clientID), url.QueryEscape(clientSecret))
This PR proposes the ability to register an auth provider that does not escape the header and bypasses the escaping.
func RegisterNonQueryEscapedAuthHeaderProvider(tokenURL string)
and

if nonEscapableAuth {
	req.SetBasicAuth(clientID, clientSecret)
} else {
	req.SetBasicAuth(url.QueryEscape(clientID), url.QueryEscape(clientSecret))
}

This has been raised several times:
#251
#318
#320
but without this feature this library cannot be used against some key OAuth providers.

We already have the ability to bypass the header authentication for OAuth providers that require a client_id and client_secret be passed as parameters--this builds on that.

@googlebot

Thanks for your pull request. It looks like this may be your first contribution to a Google open source project (if not, look below for help). Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

📝 Please visit https://cla.developers.google.com/ to sign.

Once you've signed (or fixed any issues), please reply here (e.g. I signed it!) and we'll verify it.



@mwielbut
Author

CLA signed.

@googlebot

CLAs look good, thanks!

@gopherbot
Contributor

This PR (HEAD: 9a6b29a) has been imported to Gerrit for code review.

Please visit https://go-review.googlesource.com/c/oauth2/+/153878 to see it.

Tip: You can toggle comments from me using the comments slash command (e.g. /comments off)
See the Wiki page for more info

@gopherbot
Contributor

Message from Gobot Gobot:

Patch Set 1:

Congratulations on opening your first change. Thank you for your contribution!

Next steps:
Within the next week or so, a maintainer will review your change and provide
feedback. See https://golang.org/doc/contribute.html#review for more info and
tips to get your patch through code review.

Most changes in the Go project go through a few rounds of revision. This can be
surprising to people new to the project. The careful, iterative review process
is our way of helping mentor contributors and ensuring that their contributions
have a lasting impact.

During May-July and Nov-Jan the Go project is in a code freeze, during which
little code gets reviewed or merged. If a reviewer responds with a comment like
R=go1.11, it means that this CL will be reviewed as part of the next development
cycle. See https://golang.org/s/release for more details.


Please don’t reply on this GitHub thread. Visit golang.org/cl/153878.
After addressing review feedback, remember to publish your drafts!

@gopherbot
Contributor

Message from Brad Fitzpatrick:

Patch Set 1:

I would really rather not add more sad knobs like this to compensate for broken servers. The existing one is sad enough.

Can we instead just try both ways? If one fails, try the other?



@gopherbot
Contributor

Message from Matt Wielbut:

Patch Set 1:

> Patch Set 1:
>
> I would really rather not add more sad knobs like this to compensate for broken servers. The existing one is sad enough.
>
> Can we instead just try both ways? If one fails, try the other?

I'm ok with that approach. An extra 401 shouldn't be that bad.


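The escaping problem from the PR description and the "try both ways" fallback suggested in review, as an added example that is not code from this PR or from golang.org/x/oauth2. `tokenHandler`, `tryBasic`, `authStyle` and the sample credentials are constructed for illustration; the handler stands in for a provider that either form-decodes Basic credentials (RFC 6749 section 2.3.1) or compares them as received.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
)

// tokenHandler is a constructed stand-in for a token endpoint. With decodes set
// it form-decodes the Basic credentials before comparing; otherwise it does not.
func tokenHandler(id, secret string, decodes bool) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		u, p, ok := r.BasicAuth()
		if ok && decodes {
			u, _ = url.QueryUnescape(u) // "" on malformed input, so the comparison fails
			p, _ = url.QueryUnescape(p)
		}
		if !ok || u != id || p != secret {
			w.WriteHeader(http.StatusUnauthorized)
		}
	})
}

// tryBasic sends one in-memory request and returns the response status code.
func tryBasic(h http.Handler, user, pass string) int {
	req := httptest.NewRequest(http.MethodPost, "/token", nil)
	req.SetBasicAuth(user, pass)
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

// authStyle tries query-escaped credentials first and falls back to raw ones.
func authStyle(h http.Handler, id, secret string) string {
	if tryBasic(h, url.QueryEscape(id), url.QueryEscape(secret)) == http.StatusOK {
		return "escaped"
	}
	if tryBasic(h, id, secret) == http.StatusOK {
		return "raw"
	}
	return "rejected"
}

func main() {
	id, secret := "my-client", "s3cr+t/=" // constructed sample credentials
	fmt.Println(authStyle(tokenHandler(id, secret, true), id, secret))
	fmt.Println(authStyle(tokenHandler(id, secret, false), id, secret))
}
```

Against the non-decoding handler the first attempt is a failed client authentication, so the fallback costs one 401 per token request unless the accepted style is remembered per token URL.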

@dmgcodevil

Any plans on merging this PR?

@efimovalex

Any plans for releasing this change?

@alupuleasa

alupuleasa commented Dec 7, 2020

Will this PR ever be merged?

@mwielbut
Copy link
Author

Closing in favor of #476

@mwielbut mwielbut closed this Feb 12, 2021