I'd like a sequence diagram or picture showing what claims exist where during a typical protocol flow in the session (at both IdentityServer and in the client), and in the persisted grants DB at IdentityServer, and how/when the profile service is involved, and in the access token and at the API. I was thinking a pic per major protocol flow, or interaction:
- implicit flow
- code flow w/ and w/o userinfo
  - we'd need to explain the "AlwaysInclude" option in here and how it affects the claims
- refresh token renewal
  - we'd need to explain the "UpdateClaims" option
- API invocation w/ access token w/ and w/o introspection

The intent of this would be to show to people that aren't so familiar with the protocols or even the ASP.NET Core cookie authentication handler how and where all this fits together.