Add PKCE (RFC 7636)

[eikemeier]

trafficstars

OAuth 2.0 security best current practice draft recommends using PKCE: https://www.ietf.org/archive/id/draft-ietf-oauth-security-topics-22.html#section-2.1.1-2.2.1

There is a feature request to integrate PKCE into golang.org/x/oauth2, but currently no native support.

[ewanharris]

Thanks for the PR @eikemeier, let me discuss with the team how we'd like to approach this (we tend to try and keep the samples aligned with their quickstart) and get back to you.