AMWA-TV / is-10

AMWA IS-10 NMOS Authorization Specification
https://specs.amwa.tv/is-10
Apache License 2.0

add client credentials grant diagram #101

Closed dannymeloy closed 3 years ago

dannymeloy commented 3 years ago

Resolves #99

lo-simon commented 3 years ago

I have some comments on the diagram.

  1. I think we need to add the sequence for Request Authorization Server Metadata before the one-time Client Registration; this also applies to the authorization_flow diagram.
  2. In Client Registration, I think it may be good to specify using private_key_jwt for token_endpoint_auth_method, and I don't think Re-direct URL is required (that will require removing redirect_uris from the register_client_request schema). Using private_key_jwt, there is no Client Secret to return.
  3. In Request access token, replace Client Secret and Redirect URI with Client Assertion (for self-signed JWT).
  4. Should we also add some words about how the client_credentials grant_type should be used for token refresh, i.e. not using the refresh_token grant for grant_type?

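
The sequence sketched in the comment above (fetch the authorization server metadata, register once with private_key_jwt and no redirect_uris, then request tokens with a client assertion and "refresh" by repeating the client_credentials grant), as an added Go example; this is not code from the PR, from the IS-10 specification, or from the NMOS project. The token endpoint URL, client_id, JWKS URI, RS256 and the 60-second assertion lifetime are assumptions for illustration, and the metadata fetch is represented only by the TokenEndpoint constant the client would read from it. Both sides are shown: the client builds the registration body, the signed assertion and the token request; VerifyClientAssertion is what the authorization server does with the assertion, checking the signature before trusting any claim, pinning the algorithm, and rejecting a wrong aud, an expired exp, or a replayed jti.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"net/url"
	"strings"
	"time"
)

// Constructed values for this example, not taken from IS-10 or any real deployment.
const TokenEndpoint = "https://auth.example.test/oauth2/token" // assumed; a client learns it from the AS metadata
const ClientID = "nmos-node-1234"                              // assumed client_id issued at registration
const AssertionType = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"

func b64url(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

func decodePart(s string, v any) error { // base64url JWT segment -> JSON
	return json.NewDecoder(base64.NewDecoder(base64.RawURLEncoding, strings.NewReader(s))).Decode(v)
}

// RegistrationRequest: one-time registration with private_key_jwt and, deliberately, no redirect_uris.
func RegistrationRequest(clientName, jwksURI string) map[string]any {
	return map[string]any{
		"client_name":                clientName,
		"grant_types":                []string{"client_credentials"},
		"token_endpoint_auth_method": "private_key_jwt",
		"jwks_uri":                   jwksURI, // where the AS fetches the client's public key
	}
}

// MakeClientAssertion: self-signed JWT sent as client_assertion (RFC 7523 section 2.2); RS256 and the 60 s lifetime are assumptions.
func MakeClientAssertion(key *rsa.PrivateKey, now time.Time, jti string) (string, error) {
	hdr, _ := json.Marshal(map[string]string{"alg": "RS256", "typ": "JWT"})
	claims, _ := json.Marshal(map[string]any{
		"iss": ClientID, "sub": ClientID, "aud": TokenEndpoint, // iss and sub are both the client_id
		"iat": now.Unix(), "exp": now.Add(60 * time.Second).Unix(), "jti": jti,
	})
	input := b64url(hdr) + "." + b64url(claims)
	digest := sha256.Sum256([]byte(input))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return input + "." + b64url(sig), nil
}

// TokenRequest: body of the client_credentials request. No client_secret and no redirect_uri; the assertion replaces both, and a "refresh" is simply this request again with a fresh jti.
func TokenRequest(assertion string) string {
	return url.Values{"grant_type": {"client_credentials"}, "client_assertion_type": {AssertionType}, "client_assertion": {assertion}}.Encode()
}

// VerifyClientAssertion is the authorization server's side: pub is the key it resolved for the client via jwks_uri, seenJTI its replay cache. It returns the authenticated client_id.
func VerifyClientAssertion(assertion string, pub *rsa.PublicKey, now time.Time, seenJTI map[string]bool) (string, error) {
	parts := strings.Split(assertion, ".")
	if len(parts) != 3 {
		return "", errors.New("malformed JWT")
	}
	var hdr struct{ Alg string }
	if decodePart(parts[0], &hdr) != nil || hdr.Alg != "RS256" { // pin the algorithm, never trust the token's choice
		return "", errors.New("bad header or unexpected alg")
	}
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	if err != nil {
		return "", err
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) != nil {
		return "", errors.New("signature invalid") // checked before any claim is trusted
	}
	var c struct {
		Iss, Sub, Aud, Jti string
		Exp                int64
	}
	if decodePart(parts[1], &c) != nil {
		return "", errors.New("bad claims")
	}
	switch {
	case c.Iss == "" || c.Iss != c.Sub:
		return "", errors.New("iss and sub must both be the client_id")
	case c.Aud != TokenEndpoint:
		return "", errors.New("assertion not intended for this token endpoint")
	case c.Exp <= now.Unix():
		return "", errors.New("assertion expired")
	case c.Jti == "" || seenJTI[c.Jti]:
		return "", errors.New("missing or replayed jti")
	}
	seenJTI[c.Jti] = true
	return c.Iss, nil
}

// GenerateTestKey makes a throwaway client key pair, constructed for the example.
func GenerateTestKey() *rsa.PrivateKey {
	k, _ := rsa.GenerateKey(rand.Reader, 2048)
	return k
}
```

Call order for a client: RegistrationRequest once, then MakeClientAssertion plus TokenRequest for every access token, each with a fresh jti. The server side accepts the first use of each assertion and refuses the second, which is why "refresh" is a new assertion and a new client_credentials request rather than a refresh_token grant.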
dannymeloy commented 3 years ago

I've added the metadata endpoint request as you suggested @simonlo-sony, and I've also updated the diagrams to be a bit more consistent with one another. Considering there are different methods of client authentication detailed in the spec, I've made both diagrams a bit more generic, so haven't specified any particular auth method (so I've steered away from specifying private_key_jwt or client_secret_post etc.), as these diagrams' primary purpose is to highlight the top-level sequence of calls required for each grant type, so the readers can easily see the differences without boiling down to the implementation detail.

lo-simon commented 3 years ago

Should the actors User agent and Resource Owner be removed too?

Need to update the register_client_request schema to remove redirect_uris from the required fields constraint.