HAIP currently requires PKCE, but doesn't actually require that servers reject requests without PKCE. As was done in a similar discussion in VCI (https://github.com/openid/OpenID4VCI/pull/534), we should consider just mandating FAPI2 instead.