Support Bearer Token Authentication of Introspection endpoint #6422

@jzheaux

Description

Related to #5200 and #6352 (comment)

The OAuth 2.0 Introspection Response RFC allows a resource server to use a bearer token as authentication for an introspection request:

To prevent token scanning attacks, the endpoint MUST also require some form of authorization to access this endpoint, such as client authentication as described in OAuth 2.0 [RFC6749] or a separate OAuth 2.0 access token such as the bearer token described in OAuth 2.0 Bearer Token Usage [RFC6750]. The methods of managing and validating these authentication credentials are out of scope of this specification.
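As an added illustration (not code from the issue, its author, or the project), here is how a resource server could authenticate its introspection requests with a separate bearer token, the second option the RFC quote permits, assuming the project is Spring Security's oauth2-resource-server module as the issue labels suggest: a `ClientHttpRequestInterceptor` sets the `Authorization: Bearer` header and is wired into `NimbusOpaqueTokenIntrospector` through its assumed `(introspectionUri, RestOperations)` constructor. The endpoint URL, the `BearerAuthInterceptor` class and the `INTROSPECTION_BEARER_TOKEN` environment variable are placeholders.

```java
import java.io.IOException;
import java.util.function.Supplier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpRequest;
import org.springframework.http.client.ClientHttpRequestExecution;
import org.springframework.http.client.ClientHttpRequestInterceptor;
import org.springframework.http.client.ClientHttpResponse;
import org.springframework.security.oauth2.server.resource.introspection.NimbusOpaqueTokenIntrospector;
import org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenIntrospector;
import org.springframework.web.client.RestTemplate;

@Configuration
public class IntrospectionBearerAuthConfig {
    // Placeholder endpoint; not taken from the issue.
    private static final String INTROSPECTION_URI = "https://idp.example.com/oauth2/introspect";

    // Adds "Authorization: Bearer <token>" (RFC 6750) to each introspection request,
    // in place of the client-credentials Basic auth (RFC 6749) used by default.
    static final class BearerAuthInterceptor implements ClientHttpRequestInterceptor {
        private final Supplier<String> tokenSupplier;

        BearerAuthInterceptor(Supplier<String> tokenSupplier) {
            this.tokenSupplier = tokenSupplier;
        }

        @Override
        public ClientHttpResponse intercept(HttpRequest request, byte[] body,
                ClientHttpRequestExecution execution) throws IOException {
            // Read the token per request so a rotated or short-lived credential is picked up.
            String token = this.tokenSupplier.get();
            if (token == null || token.isEmpty()) {
                // Fail closed rather than send an unauthenticated introspection request.
                throw new IllegalStateException("no bearer token available for introspection");
            }
            request.getHeaders().setBearerAuth(token);
            return execution.execute(request, body);
        }
    }

    @Bean
    OpaqueTokenIntrospector introspector() {
        // Placeholder token source; in practice a token store or client-credentials grant.
        Supplier<String> tokenSupplier = () -> System.getenv("INTROSPECTION_BEARER_TOKEN");
        RestTemplate rest = new RestTemplate();
        rest.getInterceptors().add(new BearerAuthInterceptor(tokenSupplier));
        // Assumed constructor (introspectionUri, RestOperations), available in Spring Security 5.2+.
        return new NimbusOpaqueTokenIntrospector(INTROSPECTION_URI, rest);
    }
}
```

Because the introspection endpoint must refuse unauthenticated calls, a missing or expired token shows up as a rejected introspection rather than a silently inactive token, so the supplier should be monitored like any other service credential.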

Metadata

Assignees: No one assigned

Labels: in: oauth2 (An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose)); type: enhancement (A general enhancement)


Milestone: No milestone


Development: No branches or pull requests
