Document response_type in verify_client callback

[mrenvoize]

This clarifies the documentation for the verify_client callback
subroutine signature and also updates the example too.

[mrenvoize]

Pretty sure this resolves issue #4. The default _verify_client code found within ImplicitGrant appears to take account response type inherently without the need to response_type being passed (::Plugin::OAuth2::Server traps that we're in an ImplicitGrant situation before the verify_callback is called so directs us to the right callback (so long as the callbacks aren't overridden and therefore shared between grant types).

I've therefore tried to resolve this documentation clarification.

[coveralls]

Coverage remained the same at 97.802% when pulling da2131a on mrenvoize:response_type into a335511 on Humanstate:master.

[mrenvoize]

We could further enforce this by requiring response_type be passed to, and equal to 'token', _verify_client for this grant type which may add further code clarity.. But I'm not entirely sure it's required with these documentation updates in place?

[leejo]

Merged, thanks! I'll hold back on building a release for CPAN until the other issues/PRs are done/tweaked.