Resolves https://github.com/unmojang/drasl/issues/39
* Use __Host- cookie prefix instead of setting Domain
See https://stackoverflow.com/a/64735551
* Unlinking OIDC accounts
* AllowPasswordLogin, OIDC docs, cleanup
* YggdrasilError
* Migrate existing password users without login
* API query/create/delete user OIDC identities
* test APICreateOIDCIdentity
* test APIDeleteeOIDCIdentity
* API Create users with OIDC identities
* OIDC: PKCE
* Use YggdrasilError in authlib-injector routes
* OIDC: AllowChoosingPlayerName
* recipes.md: Update for OIDC and deprecated config options
* OIDC: fix APICreateUser without password, validate oidcIdentities
* OIDC: error at complete-registration if no preferred player name
* Proper error pages
* MC_ prefix for Minecraft Tokens
The authlib-injector spec only requires /profiles/minecraft to be
implemented, not necessarily /users/profiles/minecraft/:playerName, so
the /profiles/minecraft at least should query fallback API servers at
/profiles/minecraft.
Also fixes potential DoS by introducing a limit of 10 players per
request (also which prevents fallback API servers from being spammed)
