kong
fix(oauth2): specify correct client type in `code_challenge` error msg
Summary
PKCE enforcement can be applied to both `public` and `confidential` clients as per the implementation of `requires_pkce`. Currently the error returned to calling applications will always specify that `code_challenge` is required for **public** clients (even if the calling client is a `confidential` client). This PR ensures that the error message correctly reflects the client type.
Full changelog
- Use `client.client_type` when building the "code challenge required" error message to ensure that the error message correctly reflects the calling client's type
- Updated existing test for confidential client to reflect the updated error message.