Changes to OAuth 2.0 Implicit Grant Flow handling

[mpdunlop]

Made the following changes on top of @panaC's branch:

• Not using the OPDS Authentication Document's Id as the client_id, using "http://opds-spec.org/auth/client" in all cases
• OPDS Authentication Document Id is validated against the id returned in the callback_url (validation skipped if missing for backwards compatability)
• Basic OPDS Authentication Document validation
• Debug messaging improvements to provide developers with context about why requests are rejected
• Documentation of OAuth parameters and any workarounds for OPDS Authentication/OAuth specification conflicts