Fix for #233 (token revocation dosn't work)

[lpodkalicki]

According to http://tools.ietf.org/html/rfc7009 additional endpoint for token revocation should implement client authentication (Basic Auth). It is also expected in oauthlib and cause that error. I have used "request.headers" (not so elegant but the only choice I see at the moment) to pass some information about additional endpoint to extend one condition:

if request.grant_type in grant_types or 'OAUTH2_ADDITIONAL_ENDPOINT' in request.headers:

[RafaelloLollipop]

Hello folks, I actually need this feature and I'm thinking about using fork and in the future coming back to master. However to do it i need to be sure that this feature will be in the next update. @lepture I will be very glad if you can confirm it and if it is possible also declare when is planned next release :) I can also help a bit if it will be somehow speed up process.

Great job btw.

[lepture]

@Vallher The solution of this PR is not elegant. If you can provide another solution, I'll merge it.