GoogleChrome / developer.chrome.com

The frontend, backend, and content source code for developer.chrome.com
https://developer.chrome.com

Update CWS web API docs to reflect updated OAuth token guidance #3699

Open dotproto opened 2 years ago

dotproto commented 2 years ago

The Using the Chrome Web Store Publish API documentation currently advises extension developers to acquire an OAuth token using Google OAuth's out-of-band (OOB) flow. This flow is being deprecated (blog post).

OAuth out-of-band (oob) flow will be deprecated (link)

OAuth out-of-band (OOB) is a legacy flow developed to support native clients which do not have a redirect URI like web apps to accept the credentials after a user approves an OAuth consent request. The OOB flow poses a remote phishing risk and clients must migrate to an alternative method to protect against this vulnerability. New clients will be unable to use this flow starting on Feb 28, 2022.

We need to update our documentation to reflect the new recommended flow: Loopback IP address flow.

Related issues

dotproto commented 2 years ago

The current recommendation is that developers use the Loopback IP address flow.

To address potential confusion (I was confused), the blog post indicates that the "Loopback IP address flow" is being disallowed in some cases. At first I thought this applied to us as well, but it seems that desktop applications are still allowed to use this flow and it appears that our use case qualifies.
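The client side of the loopback IP address flow discussed in this issue, as an added example that is not part of the issue or of the Chrome Web Store documentation. The Google authorization endpoint and the `chromewebstore` scope are not given on this page, the helper names are hypothetical, and the client ID is supplied by the caller.

```python
import base64, hashlib, hmac, secrets
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlencode, urlsplit

AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/v2/auth"  # not from the page
SCOPE = "https://www.googleapis.com/auth/chromewebstore"        # not from the page

def new_pkce():
    """Return (code_verifier, S256 code_challenge) as defined in RFC 7636."""
    verifier = secrets.token_urlsafe(64)
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return verifier, base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def build_auth_url(client_id, port, state, challenge):
    """Authorization URL that redirects to this machine's loopback listener."""
    return AUTH_ENDPOINT + "?" + urlencode({
        "client_id": client_id, "response_type": "code", "scope": SCOPE,
        "redirect_uri": f"http://127.0.0.1:{port}", "state": state,
        "code_challenge": challenge, "code_challenge_method": "S256"})

def parse_callback(path, expected_state):
    """Return the authorization code, or None when state is absent or wrong."""
    query = parse_qs(urlsplit(path).query)
    state = query.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        return None  # forged or stale callback: ignore its code
    return query.get("code", [None])[0]

class _Handler(BaseHTTPRequestHandler):
    def do_GET(self):
        code = parse_callback(self.path, self.server.expected_state)
        if code:
            self.server.auth_code = code
        self.send_response(200 if code else 400)
        self.end_headers()
        self.wfile.write(b"Done, close this tab." if code else b"Rejected.")
    def log_message(self, *args): pass  # keep the code out of stderr logs

def open_listener():
    server = HTTPServer(("127.0.0.1", 0), _Handler)  # loopback only, OS-chosen port
    server.auth_code = None
    return server

def wait_for_code(server, expected_state):
    """Handle requests until one carries the expected state; return its code."""
    server.expected_state = expected_state
    while server.auth_code is None:
        server.handle_request()
    server.server_close()
    return server.auth_code
```

Call `open_listener()` first so the port in `server.server_address[1]` can go into `build_auth_url`; the returned code is then exchanged at the token endpoint together with the `code_verifier`, which this sketch does not do.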