Consider Test IDP with shared secret

[kjetilk]

I just realized that the existence of a completely open IDP like I requested in #36 would undermine acl:AuthenticatedAgent, and so I figured we should have a simple shared secret between the test runner and the system under test.

However, as noted in https://github.com/solid/web-access-control-spec/issues/65, even though we don't expose an IDP that does not authenticate, there is nothing stopping others from doing so, it is the protocol that has to change if there is a disconnect between the protocol and security expectations that arise from it. Thus, I think this is lower priority, but we might do it.