openid-connect-generic
Support Authentication Method client_secret_basic
For additional reference on supporting Basic Authentication:
https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication
9. Client Authentication
This section defines a set of Client Authentication methods that are used by Clients to authenticate to the Authorization Server when using the Token Endpoint. During Client Registration, the RP (Client) MAY register a Client Authentication method. If no method is registered, the default method is client_secret_basic.
These Client Authentication methods are:
client_secret_basic Clients that have received a client_secret value from the Authorization Server authenticate with the Authorization Server in accordance with Section 2.3.1 of OAuth 2.0 [RFC6749] using the HTTP Basic authentication scheme.
client_secret_post Clients that have received a client_secret value from the Authorization Server, authenticate with the Authorization Server in accordance with Section 2.3.1 of OAuth 2.0 [RFC6749] by including the Client Credentials in the request body.
client_secret_jwt Clients that have received a client_secret value from the Authorization Server create a JWT using an HMAC SHA algorithm, such as HMAC SHA-256. The HMAC (Hash-based Message Authentication Code) is calculated using the octets of the UTF-8 representation of the client_secret as the shared key.
A plugin setting to toggle between client_secret_basic & client_secret_post / client_secret_jwt is what would probably be implemented.
Originally posted by @timnolte in https://github.com/oidc-wp/openid-connect-generic/issues/207#issuecomment-680512319
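The following is an added example, not code from the openid-connect-generic plugin or from the issue author, showing what each of the three token-endpoint authentication methods quoted above actually puts on the wire, plus the checks the OP side runs on `client_secret_jwt`. It is written in Python with only the standard library so it runs offline; the plugin itself is PHP. The client_id, client_secret, token endpoint, authorization code and redirect URI are constructed sample values, and `build_token_request` is a hypothetical helper that stands in for whatever setting-driven switch the plugin would add.

```python
"""Token-endpoint client authentication per OIDC Core section 9 (added example).

client_secret_basic : credentials in an HTTP Basic Authorization header
client_secret_post  : credentials as form fields in the request body
client_secret_jwt   : an HS256 assertion keyed with the UTF-8 octets of client_secret
The HTTP request is built but not sent, so this runs offline.
"""
import base64
import hashlib
import hmac
import json
import time
import uuid
from urllib.parse import quote, unquote, urlencode

# Constructed sample values for illustration only, not real credentials.
CLIENT_ID = "wp-rp-example"
CLIENT_SECRET = "s3cr3t-value"
TOKEN_ENDPOINT = "https://op.example.com/token"
JWT_BEARER = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def basic_auth_header(client_id: str, client_secret: str) -> str:
    """client_secret_basic: RFC 6749 2.3.1 form-urlencodes id and secret before Basic-encoding,
    so a ':' or '%' inside either value cannot break the 'user:pass' split."""
    creds = f"{quote(client_id, safe='')}:{quote(client_secret, safe='')}"
    return "Basic " + base64.b64encode(creds.encode("utf-8")).decode("ascii")


def decode_basic_header(header: str) -> tuple:
    """OP side: undo the encoding done in basic_auth_header."""
    scheme, _, payload = header.partition(" ")
    if scheme != "Basic":
        raise ValueError("not a Basic credential")
    user, _, pw = base64.b64decode(payload).decode("utf-8").partition(":")
    return unquote(user), unquote(pw)


def client_secret_jwt(client_id, client_secret, token_endpoint, now=None, jti=None) -> str:
    """client_secret_jwt: HS256 over header.claims, keyed with client_secret's UTF-8 octets.
    aud is the token endpoint URL; jti makes the assertion single-use."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": client_id, "sub": client_id, "aud": token_endpoint,
              "jti": jti or uuid.uuid4().hex, "iat": now, "exp": now + 60}
    signing_input = ".".join(_b64url(json.dumps(part, separators=(",", ":")).encode("utf-8"))
                             for part in (header, claims))
    mac = hmac.new(client_secret.encode("utf-8"), signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url(mac)


def verify_client_secret_jwt(assertion, client_secret, token_endpoint, now=None) -> dict:
    """OP side: pin alg to HS256 (never trust the header's alg), compare the MAC in
    constant time, then check audience and expiry. Raises ValueError on any failure."""
    now = int(time.time()) if now is None else now
    parts = assertion.split(".")
    if len(parts) != 3:
        raise ValueError("malformed assertion")
    h64, c64, s64 = parts
    if json.loads(_b64url_decode(h64)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(client_secret.encode("utf-8"), f"{h64}.{c64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(c64))
    if claims.get("aud") != token_endpoint:
        raise ValueError("wrong audience")
    if claims.get("exp", 0) <= now:
        raise ValueError("assertion expired")
    return claims


def build_token_request(method: str, code: str, redirect_uri: str, now=None, jti=None):
    """Hypothetical helper: return (headers, form_body) for an authorization_code
    exchange, switching on a token_endpoint_auth_method setting."""
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    body = {"grant_type": "authorization_code", "code": code, "redirect_uri": redirect_uri}
    if method == "client_secret_basic":
        headers["Authorization"] = basic_auth_header(CLIENT_ID, CLIENT_SECRET)
    elif method == "client_secret_post":
        body["client_id"] = CLIENT_ID
        body["client_secret"] = CLIENT_SECRET
    elif method == "client_secret_jwt":
        body["client_assertion_type"] = JWT_BEARER
        body["client_assertion"] = client_secret_jwt(CLIENT_ID, CLIENT_SECRET, TOKEN_ENDPOINT, now, jti)
    else:
        raise ValueError(f"unsupported token_endpoint_auth_method: {method}")
    return headers, urlencode(body)


if __name__ == "__main__":
    for m in ("client_secret_basic", "client_secret_post", "client_secret_jwt"):
        hdrs, form = build_token_request(m, "SplxlOBeZQQYbYS6WxSbIA", "https://rp.example.com/callback")
        print(m, hdrs, form, sep="\n  ")
```

Two points worth noting when adding such a toggle: with `client_secret_basic` the secret is URL-encoded before Base64, so an OP that decodes only the Base64 will reject secrets containing reserved characters; and with `client_secret_jwt` the secret never leaves the client, so the OP must reject assertions whose header names any algorithm other than the one it expects, as `verify_client_secret_jwt` does.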