Adds PKCE, profile info, makes "me" optional in the request

[aaronpk]

This PR addresses the issues in #41, #31, #39, and #19.

• Makes the "me" parameter in the authorization request optional but recommended
• Includes a mechanism to return profile information in the response, and defines scopes for that purpose
• Incorporates PKCE

This PR also updates the compiled spec and archived versions.

[Zegnat]

Unrelated but just spotted: line 156 of the source file still mentions the following being done by the IndieAuth spec. But it was dropped per 4386cfe.

           <li>Specifies a mechanism for a token endpoint and authorization endpoint to communicate</li>

Can we roll that fix into here, since this PR will be regenerating all the output files?

[Zegnat]

Grammar error:

[...] beginning the IndieAuth flow, by prepending a either an http or https scheme and appending the path /.

Should not have an "a" before "either".

[Zegnat]

In 6.2:

-         <p>The token endpoint verifies the access token using (how this verification is done is up to the implementation), and returns information about the token:</p>
+         <p>The token endpoint verifies the used access token (how this verification is done is up to the implementation), and returns information about the token:</p>

[Zegnat]

The change in commit 227913b should probably be copied to apply to 5.3.3 as well, as that section contains the same sort of paragraph (starting with "The resulting profile URL MAY be different from what the user initially entered").

[Zegnat]

Last commit addresses all my comments. I have spotted nothing else, so this looks good to me 🚀