Validate client secret for confidential clients

[shawnz]

As discussed in this thread aliev/aioauth#91, the example app currently doesn't validate client secrets. This adds validation for client secrets as well as some tests to ensure the functionality works. The database schema was also changed to allow null client secrets for public non-confidential clients.

Before adding validation:

FAILED tests/test_oauth2.py::test_authorization_code_no_secret - AssertionError: no client secret for a confidential client should be rejected
FAILED tests/test_oauth2.py::test_authorization_code_wrong_secret - AssertionError: wrong client secret for a confidential client should be rejected

Results (28.04s):
       6 passed
       2 failed
         - tests/test_oauth2.py:88 test_authorization_code_no_secret
         - tests/test_oauth2.py:109 test_authorization_code_wrong_secret

After adding validation:

Results (26.11s):
       8 passed

[aliev]

Hey, @shawnz. It looks good. Should I merge it?

[shawnz]

Sure! Thanks for your time with this