mod_http_oauth2: Fix validation of informative URIs Iterating over wrong table

mod_http_oauth2: Use more compact IDs UUIDs are nice but so verbose! The reduction in entropy for the nonce should be fine since the timestamp is also counts towards this, and it changes every second (modulo clock shenanigans), so the chances of someone managing to get the same client_secret by registering with the same information at the same time as another entity should be negligible.

mod_http_oauth2: Validate that informative URLs match the redirect URIs It is a bit shady to have the various URIs (URLs really) point to different hostnames. This may be quite stricter than required, but can always be relaxed later.

mod_http_oauth2: Reject insecure redirect URIs Is this enough, or are they going to be using ftp:// and gopher://?

mod_http_oauth2: Validate that redirect URIs are absolute

mod_http_oauth2: Validate basic URI syntax of redirect URIs

mod_spam_report_forwarder: Forward spam/abuse reports to one or more JIDs

mod_http_oauth2: Require URL to client informational page in registration Since it's used without fallback in the template, seems someone expected this to always be there, and we might as well.

mod_http_oauth2: Reorder client metadata validation schema Having 'type' first seems right

mod_firewall: Add 'REPORT TO' to report (XEP-0377) a stanza to a specified JID