Specify the client authentication method when using a Client Identifier

[NSeydoux]

When making a request to the token endpoint of an OIDC provider, a client usually authenticates itself. Client authentication methods at the token endpoint are described in the OpenID spec (and to some extent the OAuth 2.0 spec, and they usually rely on a client having a client id/secret pair, either through static or dynamic registration.

Solid-OIDC introduces a new type of client authentication based on a Client Identifier available at a URL under the client's control, which means that no client registration is required, and no client secret is involved. The only method described in the OpenID spec that aligns with the absence of a client secret and any other form of registration is the none client authentication method. In addition, the OAuth 2.0 spec seems to lean towards enforcing that HTTP Basic auth is only used when both a client id and secret are present. In the absence of a client secret, the client_id should therefore be sent as part of the token request body.

Considering all this, it may be good to add a note to the Solid-OIDC specification, in the Client Identifiers section along the following lines:

### Client Authentication to the token endpoint

Clients using a URI that can be dereferenced as a Client ID Document MUST authenticate to the Solid-OIDC provider's token endpoint by adding their `client_id` to the token request body, as described by the `none` client authentication method in [OIDC.Core].