Break nonce handling out of OpenIDConnectClient

[donatj]

So we've got a custom session handler, and right now we've got a fork of this we use that overrides the session handling.

This PR would make that unessessary for us. It breaks nonce handling out into a SessionNonceHandler object.

This would allows users like us to implement a custom NonceHandler that writes to nonces somewhere other than $_SESSION, wherever the user desires.

As this can be optionally passed to the constructor, it does not break the current interface as it is an optional final argument.

Let me know what you think, I am more than happy to change anything about this you wish.

List of common tasks a pull request require complete

• [x] Changelog entry is added or the pull request don't alter library's functionality

[ricklambrechts]

Currently you can override the methods by extending the class. If we want to do this it would also be nice to follow the PSR and create seperate files for the classes.

[DeepDiver1975]

As @ricklambrechts pointed out - if you want your own session handling sub class this class and implement your own session handling. THX a lot for your contribution - closing this for now.