Document new OAuth changes for 4.3.0

[ThisIsMissEm]

• Add /.well-known/oauth-authorization-server documentation, per Implement RFC 8414 for OAuth 2.0 server metadata mastodon#29191
• Document deprecation of redirect_uri on Application and addition of redirect_uris
• Document added support for mutliple redirect URIs for OAuth Applications, per Support multiple redirect_uris when creating OAuth 2.0 Applications mastodon#29192
• Add warning hints around client_id, client_secret, access_token and code values that they should be treated as if they are password, and stored securely.
• Document removal of required read scope for GET /api/v1/apps/verify_credentials (this now just requires a valid access token), per Feature: Allow oauth application introspection without read scope mastodon#27142
• Reworked OAuth Scopes page to be clearer.
• Document client_secret_expires_at on Application, per Add client_secret_expires_at to OAuth Applications mastodon#30317
• Document the fact that on 4.2.x Applications could be deleted at any time and result in broken authentication flows, fixed by Fix: remove broken OAuth Application vacuuming & throttle OAuth Application registrations mastodon#30316
• Document Application vs CredentialApplication split, per Support multiple redirect_uris when creating OAuth 2.0 Applications mastodon#29192
• Document new profile scope, per Change read:me scope to profile scope mastodon#30357 & Add read:me OAuth 2.0 scope, allowing more limited access to user data mastodon#29087
• Document PKCE Extension, and why using PKCE is recommended for all applications, per: Enable OAuth PKCE Extension mastodon#31129
• Document Removal of OAuth Resource Owner Password Grant Flow, per: Remove OAuth Password Grant Type support mastodon#30960 (removal happens in post-4.3)
• Document Removal of crypto scope, per: Remove unused E2EE messaging code mastodon#31193

This branch is based on #1444

[ThisIsMissEm]

I have noticed that there is some churn here due to my editor using Prettier for markdown documents. We may want to consider adopting prettier for this repository.

[github-actions]

This pull request has merge conflicts that must be resolved before it can be merged.

[ThisIsMissEm]

Have address majority of the code review comments and left replies where I disagree with said comments or need more information.

[github-actions]

This pull request has resolved merge conflicts and is ready for review.

[github-actions]

This pull request has merge conflicts that must be resolved before it can be merged.

[github-actions]

This pull request has resolved merge conflicts and is ready for review.

[ThisIsMissEm]

@ClearlyClaire This is the change I did for the removal of the Password Grant Flow Type. Since it's not actually deprecated in 4.3, I've just made it a paragraph explaining it has been supported, but not when it's removed.

[ThisIsMissEm]

@ClearlyClaire this is the documentation I've gone with to explain PKCE, I think linking to OAuth.net's documentation around PKCE explains this better than I could here.

[ThisIsMissEm]

I have separately documented on the oauth/authorize and oauth/token endpoints that we accept the PKCE parameters.

[ThisIsMissEm]

@renchap have rebased this and finished the two remaining tasks.

[oneiros]

I added two tiny, tiny remarks, otherwise this looks good to me and should be merged asap.

[oneiros]

I took the liberty to commit my two small adjustments, so that we can finally merge.

Feel free to open up a follow-up PR if you disagree with my changes. And thanks for all the hard work on this!

[ThisIsMissEm]

@oneiros those changes looked good, I think in the future reworking all this documentation to be more like AT Protocol's OAuth documentation might be a good idea. I think the current tutorial-based documentation leaves a lot to be desired.