Incorrect response code for user credentials grant type

[SventB]

The status code 401 introduced in #290 was wrong, it should be 400, see https://tools.ietf.org/html/rfc6749#section-5.2, but see especially https://stackoverflow.com/questions/22586825/oauth-2-0-why-does-the-authorization-server-return-400-instead-of-401-when-the and https://www.ietf.org/mail-archive/web/oauth/current/msg02127.html