OpenIdConnectHandler.AuthenticateAsync should not throw SecurityTokenException

[brentschmaltz]

If message.Error is ! null, the OIDC handler throws SecurityTokenException, it should throw OpenIdConnectProtocolException. Other SecurityTokenExceptions should be considered as well.

[Tratcher]

This was already fixed by #55 where we changed many of these exceptions to AuthenticationResult.Failed.