Standalone: support for PKCE

[ostrya]

see https://tools.ietf.org/html/rfc7636

[ostrya]

Checking the current implementation, one could argue that "it works" in the sense that the server currently ignores any PKCE challenge and verifier codes. If at any point it becomes critical that an authorization request is actually rejected for an invalid verifier code, please write a comment here, otherwise this will not be implemented for now.