
Conversation

@Avery-Dunn
Contributor

In #894, some of the nimbus dependency was removed to simplify how the tokens were handled by the library.

Unfortunately, as discovered by #922 and #937, the replacement code introduced a regression: despite the name, nimbus's Base64Codec.decode() was decoding them as Base64URL, not Base64. This was not caught during testing because none of the library's tests happened to produce an encoded token with characters that a Base64 decoder would not accept.

This PR fixes that bug by using Base64.getUrlDecoder() instead of Base64.getDecoder() in TokenRequestExecutor.createAuthenticationResultFromOauthHttpResponse(). In addition, it adds a unit test showing the behavior is now correct:

  • It uses TestHelper.createIdToken() to get an encoded token, and shows that the token would throw an IllegalArgumentException if passed into Base64.getDecoder() as was used in the old code
  • It then sends the encoded token through a typical flow, and shows the token was successfully decoded by checking the username, which would've caused an IllegalArgumentException in the old code

@Avery-Dunn Avery-Dunn requested a review from a team as a code owner April 14, 2025 18:43
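An added illustration of the regression described above (example code, not the PR's own change or the library's test): a JWS payload segment is Base64URL without padding, so a claims JSON whose encoding lands on '-' or '_' is rejected by Base64.getDecoder() and accepted by Base64.getUrlDecoder(). The claims JSON, the method names and the dummy signature bytes are constructed for this example.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class JwtSegmentDecoding {

    // Constructed claims. The '~' sits at byte offset 23 of the JSON, i.e. at offset 2 of its
    // 3-byte group, so its low six bits (111110) become alphabet symbol 62: '+' in plain
    // Base64 but '-' in Base64URL. '>', '?' and '~' at such offsets all trigger the problem.
    static final String CLAIMS_JSON = "{\"preferred_username\":\"~user@example.com\"}";

    // Builds header.payload.signature the way an issuer does: each segment is Base64URL
    // without padding (RFC 7515). The signature bytes are a constructed placeholder.
    static String buildSampleToken() {
        Base64.Encoder enc = Base64.getUrlEncoder().withoutPadding();
        String header = enc.encodeToString(
                "{\"alg\":\"RS256\",\"typ\":\"JWT\"}".getBytes(StandardCharsets.UTF_8));
        String payload = enc.encodeToString(CLAIMS_JSON.getBytes(StandardCharsets.UTF_8));
        String signature = enc.encodeToString(new byte[]{(byte) 0xFB, (byte) 0xFF, 0x00});
        return header + "." + payload + "." + signature;
    }

    // The regressed behaviour: the standard decoder only knows '+' and '/', so it throws
    // IllegalArgumentException as soon as it meets '-' or '_'.
    static String decodePayloadOldWay(String jwt) {
        String payload = jwt.split("\\.")[1];
        return new String(Base64.getDecoder().decode(payload), StandardCharsets.UTF_8);
    }

    // The fix: the URL-safe decoder uses the JWS alphabet and does not require '=' padding.
    static String decodePayloadFixed(String jwt) {
        String payload = jwt.split("\\.")[1];
        return new String(Base64.getUrlDecoder().decode(payload), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) {
        String jwt = buildSampleToken();
        System.out.println("payload segment: " + jwt.split("\\.")[1]);
        try {
            decodePayloadOldWay(jwt);
            System.out.println("old code: decoded (payload had no URL-safe characters)");
        } catch (IllegalArgumentException e) {
            System.out.println("old code: " + e.getMessage());
        }
        String claims = decodePayloadFixed(jwt);
        System.out.println("fixed code: " + claims);
        if (!claims.equals(CLAIMS_JSON)) throw new AssertionError("round trip failed");
    }
}
```

Because the failure depends on which bytes happen to fall at each 3-byte boundary, a test suite whose fixture tokens contain only ASCII claims without '>', '?' or '~' at those offsets will never exercise it, which is why a dedicated fixture like the one this PR adds is needed.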
