mod_http_oauth2: Reflect changes to defaults etc
- Resource owner password grant was disabled by default
- Tokens now include a hash of client_id making it possible to be
reasonable sure that they were issued to a particular client
This module helps make BOSH and WebSocket connection endpoints
discoverable via the HTTP method described in
[XEP-0156](https://xmpp.org/extensions/xep-0156.html#http).