mod_adhoc_oauth2_client: Update to call into mod_http_oauth2

mod_http_oauth2: Refactor to allow reuse of OAuth client creation

mod_http_oauth2: Fix userinfo status code off-by-one

mod_http_oauth2: Implement and return ID Token in authorization code flow Is this OIDC?

mod_http_oauth2: Reject non-local hosts in more code paths We're not issuing tokens for users on remote hosts, we can't even authenticate them since they're remote. Thus the host is always the local module.host so no need to pass around the host in most cases or use it for anything but enforcing the same host.

mod_http_oauth2: Add support for the "openid" scope This "openid" scope is there to signal access to the userinfo endpoint, which is needed for OIDC support. We don't actually check this later because the userinfo endpoint only returns info embedded in the token itself, but in the future we may want to check this more carefully.

mod_http_oauth2: Prepare to handle multiple e.g. non-role scopes This is to prepare to handle scopes like "openid" that don't map to roles.

mod_adhoc_oauth2_client: Make note in README about current broken state It could plausibly be made to work again using the stateless method internally.

mod_http_oauth2: Fix attempt to index a boolean value _This_ function signature strikes again It returns true, payload, but only passed the boolean on in place of the client, tripping up client_subset()

mod_audit: Allow disabling IP logging, or limiting it to a prefix