Closed impl closed 3 years ago
@impl I have a question on this, and for that matter any kind of flow that requests a refresh token through this plugin. Since this is only a secrets plugin, after going through any oauth flow to get a refresh token do you also get a vault token? Or is a vault token with access to a secrets path already required to be obtained some other way?
The way I have been doing things is using the HashiCorp jwt/oidc auth plugin to get a vault token and refresh token together, and then storing the refresh token in this secrets plugin.
The way we use it, we already have access to this engine set up in advance using policies on an existing role. I actually don't think it's possible for a secrets engine to return a Vault token -- it doesn't have access to those Vault APIs. We mainly use this plugin to manage credentials on behalf of our users, so our public-facing interfaces never store a refresh token or even OAuth client secret. I.e., we can grab a token in our application, use it in the scope of a single request to perform some work on a user's behalf, and discard it.
Fixes #36