feat: add RawID to session manager

…ject

So one step back for the time being.

Don't specify cryptojwt requirement.

Changes that this PR accomplish:

- If response_type == id_token return userinfo that normally would be returned from the userinfo endpoint in the id_token.
- Don't run parse_cookie twice. One after the other.
- Allow for different claims release policies to be in effect simultaneously (typically id_token+userinfo).
- Error response when response_mode == form_post not handled correctly. return_uri needed.
- Use extra info in ValueError exception instance to return correct error code.
- Allow endpoints to have their own request verification error handler.
- Having session ID in ID Token instance simplifies things.
- Finding the last issued token of a specific type is useful.
- Should check if client session is revoked.
- Revoked all grants issued to a user/client pair.
- Merged the two ClaimsInterface versions.
- Removed tests using method that was removed and incomplete test.
- Client registration endpoint should return a 201 HTTP response code on successful registration.
- Default token lifetime should not be 0 (zero). Changed to be 30 minutes (1800 seconds).
- Authorization error response MUST contain 'state' if it is present in the request.
- Check cookie age.
- Revoke tokens that has been minted using a code that then is used once more.
- prompt==login forces re-authentication.
- prompt attribute is a list.
- FAPI OP example project