hickford/git-credential-oauth

Mention secrets in README

shyim opened this issue · 2 comments

shyim commented

Hey,

It would be cool if you could explain the hard-coded client ID and client secrets in the README, and that they are harmless?
I have never seen someone publish the client ID and client secret of OAuth apps and was worried at first 😅

@shyim Does 6d4dd40 explain clearly?

// IMPORTANT: The client "secret" below is non confidential.
// This is expected for OAuth native apps which (unlike web apps) are public clients
// "incapable of maintaining the confidentiality of their credentials"
// "It is assumed that any client authentication credentials included in the application can be extracted"
// https://datatracker.ietf.org/doc/html/rfc6749#section-2.1
ClientSecret: "2b746eea028711749c5062b9fe626fed78d03cc0",

shyim commented

Sounds good thanks!