eduNEXT / edunext-platform

Open edX, the project that powers edunext.co
https://www.edunext.co
GNU Affero General Public License v3.0

feat(LI-7): Restrict access token by application allowed uris (DS-600) #768

Closed JuanDavidBuitrago closed 1 year ago

JuanDavidBuitrago commented 1 year ago

Description

This PR makes changes from the Nuez migration that restrict the access token by application. With this, the bearer token can be used only in the tenant site for the application it was created for, and it can't be used in another tenant site.

Testing instructions

  1. Use the changes with this branch ol/ednx/LI-7
  2. Create two tenant sites (http://{lms_base}/admin/eox_tenant/tenantorganization/), for example tenant-a and tenant-b.
  3. Create an application (http://{lms_base}/admin/oauth2_provider/application/), use:
    • User: admin
    • Redirect uris: add the tenant-a created in step 2
    • Client type: confidential
    • Authorization grant type: client credentials
  4. Use postman to make a POST (http://{lms_base_tenant-a}/oauth2/access_token) to get an access token, use the client_id and client_secret created in step 3.
  5. To test the functionality, make a GET (http://{lms_base_tenant-a}/eox-tagging/api/v1/tags/), use the access token created in step 4. You have to get something like this:
    {
      "count": 0,
      "next": null,
      "previous": null,
      "results": []
    }
  6. Make a GET in the other tenant site (http://{lms_base_tenant-b}/eox-tagging/api/v1/tags/); you can't access it with the token for tenant-a, so you get something like this:
    {
      "error_code": "token_nonexistent",
      "developer_message": "The provider access token does not match any valid tokens."
    }

Other information
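The check that the testing instructions exercise, as an added offline model written for this page (not the PR's own code): a bearer token is accepted only on a host that appears in the allowed URIs of the OAuth2 application that issued it, and a token presented on another tenant gets the same `token_nonexistent` response as an unknown token. The application names, tokens, hostnames and the 401 status are constructed assumptions.

```python
from urllib.parse import urlparse

# Constructed registry: application -> allowed (redirect) URIs, and
# access token -> issuing application. Mirrors steps 2-4 of the test plan.
APPLICATIONS = {
    "app-tenant-a": {"redirect_uris": ["https://tenant-a.example.org/complete"]},
}
ACCESS_TOKENS = {
    "tok-a-123": "app-tenant-a",  # issued via client credentials on tenant-a
}

# Response bodies quoted in the PR's testing instructions.
TOKEN_NONEXISTENT = {
    "error_code": "token_nonexistent",
    "developer_message": "The provider access token does not match any valid tokens.",
}
EMPTY_TAG_LIST = {"count": 0, "next": None, "previous": None, "results": []}


def allowed_hosts(app):
    """Hostnames extracted from the application's allowed redirect URIs."""
    return {urlparse(uri).hostname for uri in app["redirect_uris"]}


def handle_tags_request(host, authorization):
    """Model GET /eox-tagging/api/v1/tags/ on `host`; returns (status, body).

    The status code 401 is an assumption; the PR only shows the JSON bodies.
    """
    scheme, _, token = authorization.partition(" ")
    if scheme.lower() != "bearer" or not token:
        return 401, TOKEN_NONEXISTENT
    app_name = ACCESS_TOKENS.get(token)
    if app_name is None:
        return 401, TOKEN_NONEXISTENT
    if host not in allowed_hosts(APPLICATIONS[app_name]):
        # Valid token, wrong tenant: deliberately indistinguishable from an
        # unknown token so the response leaks nothing about other tenants.
        return 401, TOKEN_NONEXISTENT
    return 200, EMPTY_TAG_LIST


if __name__ == "__main__":
    print(handle_tags_request("tenant-a.example.org", "Bearer tok-a-123"))
    print(handle_tags_request("tenant-b.example.org", "Bearer tok-a-123"))
```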

JuanDavidBuitrago commented 1 year ago

https://github.com/orgs/eduNEXT/teams/dedalo This PR is ready to test in the remote environment. Go to https://lms.durban.dedalo.edunext.link/dashboard. The credentials are the same as dedalo_admin in 1pass (Dedalo L1 -> Open edX Olmo / Olive instance).