zquestz / omniauth-google-oauth2

Oauth2 strategy for Google

Add option to restrict overriding authorize_options by user request #423

Closed tnantoka closed 2 years ago

tnantoka commented 2 years ago

Thank you for the great gem!

With the following implementation, all authorize_options can be overridden with request parameters.

https://github.com/zquestz/omniauth-google-oauth2/blob/8bebf08bcce88a4dc3e59111eb97785b166828e8/lib/omniauth/strategies/google_oauth2.rb#L34-L36

For example, even if we restrict it with hd: 'example.com', end-users can use any hd with /oauth/google_oauth2?hd=example.net. It's flexible and convenient, but it may be unexpected behavior in some apps.

I have added an option to control this behavior with this pull request. If you don't need this change, feel free to close it.

Thanks,

zquestz commented 2 years ago

Thanks, decided this should go in. Appreciate the work. =)
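
The override behavior described in this pull request, as an added example that is not part of the original thread and is not the gem's source. It is a simplified model: `AUTHORIZE_OPTIONS`, `authorize_params`, the `overridable` parameter and `hosted_domain_allowed?` are hypothetical names, and the sample values are constructed.

```ruby
# Simplified model of merging configured authorize options with request
# parameters. Hypothetical names throughout; not the gem's implementation.
AUTHORIZE_OPTIONS = %i[scope prompt login_hint hd access_type].freeze

# Build the parameters sent to the authorization endpoint.
# configured:  values set by the application (e.g. hd: 'example.com')
# request:     query parameters of the end user's request (string keys)
# overridable: option names a request may override; the default models the
#              behavior reported in the PR (every option is overridable)
def authorize_params(configured, request, overridable: AUTHORIZE_OPTIONS)
  AUTHORIZE_OPTIONS.each_with_object({}) do |key, params|
    value = configured[key]
    requested = request[key.to_s]
    # A non-empty request value wins only when the option is overridable.
    if overridable.include?(key) && !requested.nil? && !requested.empty?
      value = requested
    end
    params[key] = value unless value.nil?
  end
end

# The hd request parameter is supplied by the client, so the callback should
# still compare the hd claim of the verified ID token against an allowlist.
def hosted_domain_allowed?(id_token_claims, allowed_domains)
  allowed_domains.include?(id_token_claims['hd'])
end

# Constructed sample input: the app pins hd, the request tries to change it.
configured = { scope: 'email', hd: 'example.com' }
request    = { 'hd' => 'example.net', 'login_hint' => 'user@example.com' }

permissive = authorize_params(configured, request)
restricted = authorize_params(configured, request, overridable: %i[login_hint])

puts "all options overridable: #{permissive}"
puts "only login_hint allowed: #{restricted}"
puts "hd claim accepted: #{hosted_domain_allowed?({ 'hd' => 'example.net' }, ['example.com'])}"
```

With the restricted list, the configured hd survives the request while login_hint can still be passed through; the claim check rejects a token from another domain or one with no hd claim.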