add the "forms" provider

[boyvinall]

Placeholder issue for pulling together some discussion/thoughts on this. Couple of thoughts on this at the moment:

• I think the providers should be able to add their own hooks on the httprouter. The forms provider will need sign-up, verify-email-address and some other endpoints that are not needed for other providers
• I'm not 100% comfortable with the HandleChallengeGET() being registered for both GET & POST on the root endpoint. This relates a little to the discussion in Using a better name for Respond in Provider interface #3 over the Respond() method - I was thinking that the forms provider would only ever return a form for GET, but I don't want to interfere and take this some direction you don't want.

I'm happy to put some work into this.

[janekolszak]

It would be nice to avoid imposing router implementation - you can use httprouter, gin or whatever. For example handling verify-email endpoint can be done like handling consent endpoint - just call the right API from the provider inside the handler.
The first version of the IDP was working like you proposed and it got pretty complicated.

Sorry, HandleChallengeGET can be removed from POST. It's not used.

[boyvinall]

see #11, will continue to extend a little as needed but probably ok to close this one

[janekolszak]

Great work, thank you!