Authlib

Latest version: v1.3.2


Page 3 of 6

0.15

Not secure
This is the last release before v1.0. In this release, we added more RFC
implementations and refactored parts of JOSE:

- RFC8037: CFRG Elliptic Curve Diffie-Hellman (ECDH) and Signatures in JSON Object Signing and Encryption (JOSE)
- RFC7638: JSON Web Key (JWK) Thumbprint

We also fixed bugs for integrations:

- Fixed support for HTTPX>=0.14.3
- Added OAuth clients of HTTPX back via #270
- Fixed parallel token refreshes for HTTPX async OAuth 2 client
- Raise OAuthError when callback contains errors via #275

**Breaking Change**:

1. The parameter `algorithms` in `JsonWebSignature` and `JsonWebEncryption`
has changed. Usually you don't have to care about it, since you won't use it directly.
2. The whole JSON Web Key implementation is refactored; please check [JSON Web Key (JWK)](https://docs.authlib.org/en/latest/jose/jwk.html#jwk-guide)

0.14.3

Not secure
- Fix HTTPX integration via #232 and #233.
- Add "bearer" as default token type for OAuth 2 Client.
- JWS and JWE don't validate private headers by default.
- Remove `none` auth method for authorization code by default.
- Allow usage of user provided `code_verifier` via #216.
- Add `introspect_token` method on OAuth 2 Client via #224.

0.14.2

Not secure
- Fix OAuth 1.0 client for starlette.
- Allow leeway option in client parse ID token via #228.
- Fix OAuthToken when `expires_at` or `expires_in` is 0 via #227.
- Fix auto refresh token logic.
- Load server metadata before request.

0.14.1

Not secure
- Quick fix for legacy imports of Flask and Django clients

0.14

Not secure
In this release, Authlib has introduced a new way to write framework integrations for clients.

**Bug fixes** and enhancements in this release:

- Fix HTTPX integrations due to HTTPX breaking changes
- Fix ES algorithms for JWS
- Allow user given nonce via #180.
- Fix OAuth errors `get_headers` leak.
- Fix `code_verifier` via #165.

**Breaking Change**: drop sync OAuth clients of HTTPX.

0.13

Not secure
This is the release that brings Authlib one step closer to v1.0. We did a huge refactor on our integrations. Authlib believes in monolithic design, which enables us to design the API to integrate with every framework in the best way. In this release, Authlib has re-organized the folder structure, moving every integration into the `integrations` folder. This makes it easy for Authlib to add more integrations in the future.

**RFC implementations** and updates in this release:

- RFC7591: OAuth 2.0 Dynamic Client Registration Protocol
- RFC8628: OAuth 2.0 Device Authorization Grant

**New integrations** and changes in this release:

- HTTPX OAuth 1.0 and OAuth 2.0 clients, both sync and async
- Starlette OAuth 1.0 and OAuth 2.0 client registry
- The experimental `authlib.client.aiohttp` has been removed

Bug fixes and enhancements in this release:

- Add custom client authentication methods for framework integrations.
- Refresh token automatically for client_credentials grant type.
- Enhancements on JOSE, specifying `alg` values easily for JWS and JWE.
- Add PKCE into requests OAuth2Session and HTTPX OAuth2Client.

**Deprecated Changes**: find out how to resolve the deprecation issues via <https://git.io/Jeclj>


© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.