mod_http_oauth2: Strip unknown client metadata
Per RFC 7591
> The authorization server MUST ignore any client metadata sent by the
> client that it does not understand (for instance, by silently removing
> unknown metadata from the client's registration record during
> processing).
This was previously done but unintentionally removed in 90449babaa48
This module logs events where more than a certain amount of CPU time was
spent.
``` lua
log_cpu_threshold = 0.01 -- in seconds, so this is 10 milliseconds
```
Uses the Lua
[`os.clock()`](http://www.lua.org/manual/5.2/manual.html#pdf-os.clock)
function to estimate CPU usage.