feat(pkce): add EnforcePKCEForPublicClients config flag (#431)
Alternative proposal for the issue discussed in #389 and #391, where enforcement of PKCE is wanted only for certain clients.
Add a new flag EnforcePKCEForPublicClients which enforces PKCE only for public clients. The error hint is slightly different, as it mentions PKCE is enforced for "this client" rather than "clients". (It intentionally does not mention why it's enforced, as I think basing it on public clients is an implementation detail that servers may want to change without adding to the error hints).
Closes #389
Closes #391
