IdentityServer
Consider not issuing TokenIssuedFailureEvent for use_dpop_nonce error
Which version of Duende IdentityServer are you using?
HelseID is using v7.0.6
Which version of .NET are you using?
.NET 8, latest patch release
Describe the bug
The HelseID security profile requires that DPoP proofs should include a server-generated DPoP nonce. In practice this means that all token requests using DPoP will first end up failing with an error message containing the nonce value to be used in the next request. This works fine, but since IdentityServer returns an error message, we end up polluting our logs with an endless list of TokenIssuedFailureEvents. It would be nice to have a way to change this behavior, since this is an expected response.
To Reproduce
Perform a token request where a server-side generated nonce is required. Verify that a TokenIssuedFailureEvent is emitted.
Expected behavior
It would be nice if the event was omitted for this error or if the behavior was configurable.
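One way to keep these expected challenges out of the event stream today is to wrap the registered event sink and drop only `TokenIssuedFailureEvent`s whose error is `use_dpop_nonce`. This is an added example, not part of the original report and not Duende's own code; the class and extension-method names are hypothetical, and it assumes the default `DefaultEventSink` is the sink being wrapped.

```csharp
using System;
using System.Threading.Tasks;
using Duende.IdentityServer.Events;
using Duende.IdentityServer.Services;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;

// Hypothetical decorator: forwards every event to the wrapped sink except the
// failure raised for the first leg of the DPoP nonce handshake.
public sealed class DPoPNonceFilteringEventSink : IEventSink
{
    private const string UseDPoPNonce = "use_dpop_nonce"; // error code defined by RFC 9449

    private readonly IEventSink _inner;
    private readonly ILogger<DPoPNonceFilteringEventSink> _logger;

    public DPoPNonceFilteringEventSink(IEventSink inner, ILogger<DPoPNonceFilteringEventSink> logger)
    {
        _inner = inner;
        _logger = logger;
    }

    public Task PersistAsync(Event evt)
    {
        if (evt is TokenIssuedFailureEvent failure &&
            string.Equals(failure.Error, UseDPoPNonce, StringComparison.Ordinal))
        {
            // Keep a Debug-level trace so a client that never completes the
            // handshake can still be investigated when needed.
            _logger.LogDebug("DPoP nonce challenge issued to client {ClientId}", failure.ClientId);
            return Task.CompletedTask;
        }

        // Every other event, including real token failures, is passed through unchanged.
        return _inner.PersistAsync(evt);
    }
}

public static class DPoPNonceFilteringExtensions
{
    // Call after AddIdentityServer() so this registration is the one resolved for IEventSink.
    public static IServiceCollection AddDPoPNonceEventFilter(this IServiceCollection services)
    {
        services.AddTransient<DefaultEventSink>();
        return services.AddTransient<IEventSink>(sp => new DPoPNonceFilteringEventSink(
            sp.GetRequiredService<DefaultEventSink>(),
            sp.GetRequiredService<ILogger<DPoPNonceFilteringEventSink>>()));
    }
}
```

Because the filter matches on the exact error code, token failures with any other error still reach the sink and remain available for alerting.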