
rfc6749: ensure request parameters are not included more than once in authorization endpoint

Open amCap1712 opened this issue 10 months ago • 0 comments

Section 3.1 of RFC 6749 says "Request and response parameters MUST NOT be included more than once."

Add a method to the OAuth2Request object to obtain all the values for the keys in form + args data as a list. This helps detect repetition of request parameters. Also, add a Django and Flask test for the same.

What kind of change does this PR introduce? (check at least one)

  • [x] Bugfix
  • [ ] Feature
  • [ ] Code style update
  • [ ] Refactor
  • [ ] Other, please describe:

Does this PR introduce a breaking change? (check one)

  • [x] Yes
  • [ ] No

If yes, please describe the impact and migration path for existing applications:

Possible breaking change for applications because clients that were repeating parameters in the request will now get an InvalidRequest error instead of successful authorization.

I don't see a reason why any client would do it intentionally but it's enough of a concern, maybe we can add a flag or config to AuthorizationEndpointMixin to conditionally enable the check.


  • [x] You consent that the copyright of your pull request source code belongs to Authlib's author.

amCap1712, Apr 19 '24 19:04
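The check the PR describes, as an added stand-alone example (not Authlib's code): query-string and form-body parameters are merged into per-name value lists, and any name that carries more than one value is rejected with an `invalid_request` error. `collect_values`, `duplicated_params`, `validate_authorization_request` and the local `InvalidRequestError` class are assumptions for this example, not Authlib APIs.

```python
"""Detect request parameters included more than once (RFC 6749, Section 3.1).

Added example, not Authlib's code. Helper names and the exception class
are assumptions; Authlib's own OAuth2Request is not used here.
"""
from urllib.parse import parse_qs


class InvalidRequestError(ValueError):
    """Stand-in for an OAuth 2.0 ``invalid_request`` error response."""

    def __init__(self, description):
        super().__init__(description)
        self.error = "invalid_request"
        self.description = description


def collect_values(query_string, form_body=None):
    """Return {name: [value, ...]} across the query string and form body.

    parse_qs keeps every repeated occurrence in a list, so a repeated key is
    never silently collapsed to its first or last value.
    """
    merged = {}
    for raw in (query_string or "", form_body or ""):
        for name, values in parse_qs(raw, keep_blank_values=True).items():
            merged.setdefault(name, []).extend(values)
    return merged


def duplicated_params(query_string, form_body=None):
    """Sorted names that appear more than once, even with identical values."""
    values = collect_values(query_string, form_body)
    return sorted(name for name, vals in values.items() if len(vals) > 1)


def validate_authorization_request(query_string, form_body=None):
    """Reject repeated parameters; otherwise return single-valued params."""
    dupes = duplicated_params(query_string, form_body)
    if dupes:
        raise InvalidRequestError(
            "Parameters included more than once: " + ", ".join(dupes)
        )
    return {k: v[0] for k, v in collect_values(query_string, form_body).items()}


if __name__ == "__main__":
    # Constructed sample: redirect_uri given once in the query string and
    # once in the form body; frameworks differ on which copy wins, so reject.
    print(duplicated_params("client_id=abc&redirect_uri=https://a.example/cb",
                            "redirect_uri=https://b.example/cb"))
```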