aaronpk / oauth-first-party-apps

https://datatracker.ietf.org/doc/html/draft-parecki-oauth-first-party-apps

Added support for redirecting to the web #38

Closed PieterKas closed 10 months ago

PieterKas commented 11 months ago

Added option for redirecting to the web.

Notes:

  1. Re-using the PAR response - feels strange to have the "request_uri" parameter as the redirect URI - is that OK?
  2. Added an example of redirecting to the web. Not entirely sure how control gets passed back to the "native" app/client or how much detail we should provide.
aaronpk commented 10 months ago

I see the problem with the current text.

In PAR, the response is a request_uri which represents the PAR request itself:

 HTTP/1.1 201 Created
 Content-Type: application/json
 Cache-Control: no-cache, no-store

 {
  "request_uri": "urn:ietf:params:oauth:request_uri:6esc_11ACC5bwc014ltc14eY22c",
  "expires_in": 60
 }

The client is expected to then start an authorization request and put the request_uri value in the request_uri query string parameter:

GET /authorize?client_id=s6BhdRkqt3&request_uri=urn%3Aietf%3Aparams
  %3Aoauth%3Arequest_uri%3A6esc_11ACC5bwc014ltc14eY22c

So the text in this section should instead be:

"redirect":
: REQUIRED. A Pushed Authorization Request (PAR) response as defined in
Section 2.2 of {{RFC9126}}. The request_uri parameter contains the URI that
the client should use in the authorization request.
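As an added example (not code from this PR, the draft, or either commenter), here is the client-side handling the comment above describes: take the PAR response verbatim, honour `expires_in`, and then build the authorization request carrying only `client_id` and `request_uri`, as RFC 9126 Section 4 requires. The `request_uri` and `client_id` values are the ones quoted in the comment; the authorization endpoint URL and the timestamps are assumptions made for the example.

```python
"""Turn a PAR response (RFC 9126, Section 2.2) into an authorization request.

Added example; not part of the PR or the draft.
"""
import json
from urllib.parse import urlencode

# The PAR response quoted in the comment above (RFC 9126, Section 2.2).
PAR_RESPONSE_JSON = """{
  "request_uri": "urn:ietf:params:oauth:request_uri:6esc_11ACC5bwc014ltc14eY22c",
  "expires_in": 60
}"""

# client_id is the one used in the comment above; the endpoint URL is an
# assumption for this example.
CLIENT_ID = "s6BhdRkqt3"
AUTHORIZATION_ENDPOINT = "https://as.example.com/authorize"


class PARResponseError(ValueError):
    """Raised when the PAR response is unusable or the request_uri is stale."""


def parse_par_response(body: str, received_at: float) -> tuple[str, float]:
    """Validate a PAR response body and return (request_uri, expires_at).

    The request_uri is opaque to the client (RFC 9126 Section 2.2 only
    recommends the urn:ietf:params:oauth:request_uri: prefix), so it is
    not parsed here, only checked for presence. expires_in is a lifetime
    in seconds relative to when the client received the response.
    """
    data = json.loads(body)
    request_uri = data.get("request_uri")
    expires_in = data.get("expires_in")
    if not isinstance(request_uri, str) or not request_uri:
        raise PARResponseError("PAR response lacks a request_uri")
    if (not isinstance(expires_in, int) or isinstance(expires_in, bool)
            or expires_in <= 0):
        raise PARResponseError("PAR response lacks a positive integer expires_in")
    return request_uri, received_at + expires_in


def build_authorization_request(request_uri: str, expires_at: float,
                                client_id: str, authorization_endpoint: str,
                                now: float) -> str:
    """Return the URL the client redirects the user to (RFC 9126 Section 4).

    Only client_id and request_uri go in the query string; every other
    authorization parameter already lives server-side in the pushed request,
    so repeating it here would be redundant at best and ignored or rejected
    by the AS at worst. A stale request_uri is refused so the client pushes
    a fresh request instead of sending the user to an error page.
    """
    if now >= expires_at:
        raise PARResponseError("request_uri has expired; push a new request")
    query = urlencode({"client_id": client_id, "request_uri": request_uri})
    return f"{authorization_endpoint}?{query}"


if __name__ == "__main__":
    received = 1_700_000_000.0          # assumed receipt time
    uri, expires_at = parse_par_response(PAR_RESPONSE_JSON, received)
    print(build_authorization_request(uri, expires_at, CLIENT_ID,
                                      AUTHORIZATION_ENDPOINT, now=received + 5))
```

`urlencode` percent-encodes the colons in the URN exactly as in the `GET /authorize` line quoted above, so the authorization server receives the same `request_uri` string it issued.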