Support Oauth 2 rather than raw access tokens

[ephraimkunz]

See https://canvas.instructure.com/doc/api/file.oauth.html.

I'll need the BYU-I Canvas administrator to give me client secrets, etc.
I'll need to handle redirecting to a website (with a web view?), retrieving the final token, and transparent refreshing after expiration.
I'll need to handle storing stuff in Keychain (https://developer.apple.com/documentation/security/certificate_key_and_trust_services/keys/storing_keys_in_the_keychain).
I'll need to figure out how to avoid leaking client secrets.

[ephraimkunz]

Scott Burton said IT might not want to grant this permission.