Consolidate BrowserAuthorizationCallbackHandler into BrowserAuthorizationClient

[mattbjordan]

Get rid of BrowserAuthorizationCallbackHandler and have everything be handled by BrowserAuthorizationClient.

The BrowserAuthorizationCallbackHandler and BrowserAuthorizationClient now share many of the same options (or will once #88 is merged), so their functionality makes more sense to be combined now.

Notes from @evelynpreslar-bentley in #88 (comment)

The main incentive I had for splitting these into 2 classes was to make the config as simple as possible. Before oidc-client-ts made the client-id and authority required for handling callbacks, this made more sense, because all you needed was a redirect-uri. Unless we make the effort to preserve that simplicity, though, I agree that merging the two classes into one starts to make more sense.

Keeping them separate does make it easier for apps to handle callbacks as early as possible, since less configuration is required. Previously, I saw many SPA apps using the same client used for signin also being used to handle callbacks. This meant that half the app would load before handling redirects, because certain config variables were needed, but I don’t think that’s a good enough reason on its own to advocate keeping them separate. Apps should have a special route for redirects anyway.