Before, this logic was only in the OIDCServer.CodeToken() method; now it has been
pulled out so that other paths, like OIDCServer.RefreshToken() can use
it.
The net affect, is that now refresh tokens can be used to get
cross-client authenticated ID Tokens.
The Client object on its own doesn't fully express everything about a
single client, and so when loading clients from a static configuration
it's not enough to just (de)serialize clients.
To that end, LoadableClient contains the full representation of a client
and associated entities.
Replaced by ClientRepoFromClients, which makes more sense IMO. Also, it
was doing the wrong thing: it was ignoring the client_id and client_secret
passed into it as far as I can tell.
The DB implementation expects secrets to be base64 encoded blobs.
Because of this a bunch of tests broke moving to sqlite.
A lot of this commit is fixing those tests.
This commit moves the user.Manage to its own package (user/manager)
so it can import the connector package in a later commit.
For clarity, it renames "Manager" to "UserManager" using gorname.
This commit has no functional changes.
