BCP 2.4: Deprecate Resource owner password-based grant type

[n2ygk]

Is your feature request related to a problem? Please describe.

The resource owner password-based grant type is insecure and is a "MUST NOT" in the OAuth 2 BCP.

Describe the solution you'd like

Per BCP section 2.4 deprecate this feature.

Describe alternatives you've considered

Additional context

[dopry]

While I'm in favor of recommending against the Resource Owner flow in 3rd party authentication scenarios. It is still a valuable feature for 1st party authentication in some scenarios.