Tags: thespooler/oxide-auth
Refactoring and Tech Debt release

Moves all web server specific modules to separate crates:
- `actix` is in `oxide-auth-actix`
  - Was updated to `actix-web = 1.0`
- `iron` is in `oxide-auth-iron`
- `rocket` is in `oxide-auth-rocket`
- `rouille` is in `oxide-auth-rouille`

Addressed the following deprecations:
- The `ephemeral` constructor of `Assertion` is no longer accompanied by a wrongly spelled variant
- The type issue with `PublicExtensions` was resolved, `is_private` removed.
- The refresh attribute of `IssuedToken` is now an `Option`.

Interface improvements:
- The error type `ring::Unspecified` was replaced by `RegistrarError`.
- Replaced the public constructor from `ring::hmac::SigningKey` with an opaque interface. Together with the above, this removes `ring` from the public interface of the crate, preparing the replacement with different crypto libraries.
- The version requirement for `ring` has been relaxed to `>=0.13,<0.15`.
- Added `iter` methods for `AuthorizationError` and `AccessTokenError`.
- Add extension `Value` reference accessors `public_value` and `private_value`.

Interface ergonomic adjustments:
- The `BearerToken` and `ErrorDescription` conversion with `to_json` now takes `&self` by reference instead of by-value.
- Implemented `IntoIter` for `&AuthorizationError` and `&AccessTokenError`.
- The `description` method of `Copy` error kinds now takes `self` by value.
- Renamed extension `Value` variant owning accessors to include `into_`.
- Renamed statically checked `Generic` endpoint flow constructors.

Feature release

Added token refresh:
- New `RefreshFlow` utilizing the same `Endpoint` trait as other flows.
- An empty refresh token in `IssuedToken` is now interpreted as an elided refresh token and the response to the client will not include one.
- Dedicated `Issuer::refresh` method with default (error-)impl to generate updated tokens.
- Differentiation between access token and refresh token requests needs to be done manually by user code for the moment.

Allow client secret in access token request body:
- Optional, and NOT RECOMMENDED feature of rfc6749.
- Can be explicitly enabled in an `AccessTokenFlow`.

Ergonomic improvements:
- Reworked examples to be based on the same client. Thus, they all have similar appearance and supported feature set.

Bugfix release

- Fix `iter_private` to iterate private extension data instead of public. This was a consequence of a wrong return type, which will be corrected in `v0.5`. Until then, the `PublicExtensions` iterator yields private extension data if constructed in `iter_private`. The correct interface is already available under the terser names `public` and `private`.
- Fix `Assertion` grants silently dropping private extensions instead of erroring (due to the above)
- The `ephemeral` constructor of Assertion grant generator is now spelled correctly. The old version will stay available until `v0.5`.

Bugfix release

Fixed the following bugs:
- Fix pbkdf2 based password policy strength check. It will now properly panic instead of silently panicking when provided with values `>32` (now behaves like the documentation suggested).
- Client provided `redirect_uri` is now always equality checked by URI-path. String-based comparison would sometimes require unexpected parameter values.
- Improved release confidence with CI.

Feature release

Introduces the following features:
- Reimplemented frontend for `iron`! Now with 100% more compatible code!
- Modification functions for `TokenMap` for integration with external issuers.
- Allow setting the duration of tokens on issuers.

Fixed the following bugs:
- Fixed a missing trait bound for some older compilers (1.31). While those have no guarantee of support, at least one version seems reasonable
- Links to the `actix` example in documentation

Ergonomics & Feature rewrite

Introduces the following features:
- A frontend for `actix`! Comes with basic 'async' computations.
- A frontend for `rocket`! Idiomatic integration will be evaluated.
- Additional traits allow using the backend without having to directly rely on primitives. This is expected to enable additional choices for frontends in the future.

Breaking changes:
- Too many to list. Read the migration notes for some help (or open an issue). A list containing most of the renamings done is found below. The rest of the change notes should give some overview on the extent of this rework.
- Sorry. This was necessary for basic support of asynchronous server libraries. `v0.5.0` will contain even more as `async` becomes a primary feature in Rust. These will focus on the `code_grant` and backend parts, so that frontends (including `endpoint::Endpoint`) will–hopefully–be largely unaffected.

Replaces the frontend mechanism with a trait based system:
- Better configurability of underlying primitives
- Trait `Endpoint` introduces central, dedicated error handling
- Expands the possible types for request and response representation

These interfaces were improved:
- Names follow existing conventions more closely, such as http status codes
- Competing usages of 'extension' have been split into 'Extension' and 'Addon'
- Competing usages of 'authorization' have been replaced; all requests, functions and flows are now named by their result: AuthorizationFlow, AccessTokenFlow, ResourceFlow
- The ResourceFlow now returns the grant that was authorized on success
- Transformation wrappers for requests, e.g. MapErr to change error type
- Error types now have a stricter usage explanation
- Endpoints instantiating responses based on requirements of this library can customize the error descriptions and other user-facing output.
- The documentation now clearly mentions the biggest use cases in the top-level documentation. Documentation now refers to actix as a focus instead of iron.
- Reduced compilation dependencies for some combination of features.
- Additional examples in the documentation, examples now named after the frontend they use and generally run a bit smoother.
- A 'NormalizedParameter' type supporting 'serde' ensures that key-value-pairs passed via query and body have at most one mapping per key.
- The internal password hashing function `Pbkdf2` has been made public

Fixed the following bugs:
- Errors in primitives leading to improper responses
- Misusage of error types within the library
- Prevent misusage of TokenGenerator (now `TagGrant`) in standard issuers
- PKCE is now compliant to the base64 encoding laid out in RFC7636
- Issues with valid authorization requests being rejected

Renamings (`old` -> `new`):
- `code_grant::frontend` -> `endpoint`
- `code_grant::frontend::{MultiValueQuery, SingleValueQuery}` -> `_`
  Note: removed in favour of `endpoint::{NormalizedParameter, QueryParameter}`
- `code_grant::frontend::OwnerAuthorizer` -> `endpoint::OwnerSolicitor`
- `code_grant::frontend::PendingAuthorization` -> `_`
  Note: no longer exists and is handled through `Endpoint` trait
- `code_grant::backend::*` -> largely reworked, but logically `code_grant::*`
- `code_grant::extensions::<trait>` -> `frontends::simple::extensions::*`
  Note: endpoint extensions are grouped in trait `endpoint::Extension`
- `primitives::authorizer::Storage` -> `primitives::authorizer::AuthMap`
- `primitives::grant::Extension` -> `primitives::grant::Value`

Thanks and More:
For all of you that stick with me during the long period of seeming inactivity, this has been an exciting year. I've grown a lot in Rust and as a developer. The first versions were coined by a bit of naivety on my part and this one hopefully feels more mature and idiomatic.

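The at-most-one-mapping-per-key rule that the release notes above attribute to `NormalizedParameter`, as an added example that is not oxide-auth's own code: `normalize`, `ParamError` and the sample queries are hypothetical. Duplicates are detected after percent-decoding, so differently encoded spellings of one key cannot slip past the check (RFC 6749 section 3.1 forbids repeated request parameters).

```rust
use std::collections::HashMap;

// Hypothetical error type for this example (not an oxide-auth type).
#[derive(Debug, PartialEq)]
pub enum ParamError {
    Duplicate(String),
    BadEncoding,
}

// Decode form encoding: `+` is a space, `%XX` is one byte.
fn decode(s: &str) -> Result<String, ParamError> {
    let bytes = s.as_bytes();
    let mut out = Vec::with_capacity(bytes.len());
    let mut i = 0;
    while i < bytes.len() {
        match bytes[i] {
            b'+' => out.push(b' '),
            b'%' => {
                let digit = |j: usize| bytes.get(j).and_then(|b| (*b as char).to_digit(16));
                match (digit(i + 1), digit(i + 2)) {
                    (Some(hi), Some(lo)) => out.push((hi * 16 + lo) as u8),
                    _ => return Err(ParamError::BadEncoding),
                }
                i += 2;
            }
            b => out.push(b),
        }
        i += 1;
    }
    String::from_utf8(out).map_err(|_| ParamError::BadEncoding)
}

// Build a map with exactly one value per key, or reject the whole request.
pub fn normalize(query: &str) -> Result<HashMap<String, String>, ParamError> {
    let mut map = HashMap::new();
    for pair in query.split('&').filter(|p| !p.is_empty()) {
        let (k, v) = pair.split_once('=').unwrap_or((pair, ""));
        let (key, value) = (decode(k)?, decode(v)?);
        // Keys are compared after decoding, so `client%5Fid` collides with `client_id`.
        if map.insert(key.clone(), value).is_some() {
            return Err(ParamError::Duplicate(key));
        }
    }
    Ok(map)
}

fn main() {
    // Constructed sample queries.
    println!("{:?}", normalize("response_type=code&client_id=LocalClient"));
    println!("{:?}", normalize("client_id=LocalClient&client%5Fid=Other"));
}
```
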
Ergonomics & Feature rewrite

Replaces the frontend mechanism with a trait based system:
- Better configurability of underlying primitives
- Trait introduces central, dedicated error handling
- Expands the possible types for request and response representation

These interfaces were improved:
- Names follow existing conventions more closely, such as http status codes
- Competing usages of 'authorization' have been replaced
- All requests, functions and flows are now named by their result: AuthorizationFlow, AccessTokenFlow, ResourceFlow
- Actix frontend now supports basic async operations
- Transformation wrappers for requests, e.g. MapErr to change error type
- Error types now have a stricter usage explanation

Breaking changes:
- Everywhere. Read the migration notes for some help (or open an issue).
- Sorry. This was necessary to support an asynchronous server library.

Fixed the following bugs:
- Errors in primitives leading to improper responses
- Misusage of error types within the library

Ergonomics & Feature release

Introduces the following features:
- A frontend for `actix`!
- Additional traits allow using the backend without having to directly rely on primitives. This is expected to enable additional choices for frontends in the future.

These interfaces were improved:
- The documentation now clearly mentions the biggest use cases in the top-level documentation. Documentation now refers to actix as a focus instead of iron.
- Reduced compilation dependencies for some combination of features.
- Additional examples in the documentation (relative to v0.3.1)