Some OpenID Connect providers, notably Google, don't follow the spec
and allow refresh tokens to be requested with the "offline_access"
scope. Try to determine which we're talking to by checking the
supported_scopes listed by the provider discovery.
Since we don't have a good strategy which takes a username and password
add a mock connector which implementes PasswordConnector so we can
develop the frontend screens.
It's not clear that the best way to manage clients is through a
gRPC based command line tool. For example we may explore an admin
dashboard and enable bootstrapping through static clients.
For now use static clients while we hold off on a more concrete
proposal.
