Fix 355 - Don't duplicate ? if qs in redirect url

[geoff-va]

Instead of appending a ? or # (implicit), parse the query string and fragment for parameters. Add our parameters and rebuild the redirect uri. This also changes %20 to + in query strings (since it was originally quoteed and now I'm using urlencode. No double dipping.)

This should hopefully be more robust to redirect_uri's containing query parameters / fragment parameters.

One thing that it will not account for is if the fragment doesn't contain a parameter, but a single argument. That would be lost. But I'm not sure if you could legally combine those in a fragment? eg: https://example.com/#anchor&param=value

This also adds tests for AuthorizeError.create_uri and fixes updates the test_missing_nonce test to account for this change.