
Tags: narg95/fosite


v0.36.0

fix: be more permissive in time checks

Time equality should not cause failures in OpenID Connect validation.

v0.35.1

autogen(docs): regenerate and update changelog

v0.35.0

autogen(docs): regenerate and update changelog

v0.34.1

fix: make redirect URL checking more strict

The OAuth 2.0 Client's Redirect URL and the Redirect URL used in the OAuth 2.0 flow do not check if the query string is equal:

1. Registering a client with allowed redirect URL `https://example.com/callback`
2. Performing OAuth2 flow and requesting redirect URL `https://example.com/callback?bar=foo`
3. Instead of an error, the browser is redirected to `https://example.com/callback?bar=foo` with a potentially successful OAuth2 response.

Additionally, matching Redirect URLs used `strings.ToLower` normalization:

1. Registering a client with allowed redirect URL `https://example.com/callback`
2. Performing OAuth2 flow and requesting redirect URL `https://example.com/CALLBACK`
3. Instead of an error, the browser is redirected to `https://example.com/CALLBACK` with a potentially successful OAuth2 response.

This patch addresses all of these issues and adds regression tests to keep the implementation secure in future releases.
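The two mismatches described in the v0.34.1 message, as an added example that is not fosite's code: `looseMatch` and `strictMatch` are hypothetical names, and `looseMatch` only models the described behaviour (query string ignored, case folded) next to an exact-comparison check.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// looseMatch models the weak comparison described in the commit message
// (assumed shape, not the library's code): the query string is dropped
// and both URLs are lower-cased before comparing.
func looseMatch(registered, requested string) bool {
	r, err1 := url.Parse(registered)
	q, err2 := url.Parse(requested)
	if err1 != nil || err2 != nil {
		return false
	}
	r.RawQuery, q.RawQuery = "", ""
	return strings.ToLower(r.String()) == strings.ToLower(q.String())
}

// strictMatch accepts the requested redirect URL only if it is an absolute
// URL and is byte-for-byte equal to one of the registered URLs, so a
// differing query string or path case is rejected.
func strictMatch(registered []string, requested string) bool {
	u, err := url.Parse(requested)
	if err != nil || !u.IsAbs() {
		return false
	}
	for _, r := range registered {
		if r == requested {
			return true
		}
	}
	return false
}

func main() {
	registered := "https://example.com/callback" // URL from the commit message
	for _, req := range []string{
		"https://example.com/callback",
		"https://example.com/callback?bar=foo",
		"https://example.com/CALLBACK",
	} {
		fmt.Printf("%-40s loose=%-5v strict=%v\n", req,
			looseMatch(registered, req), strictMatch([]string{registered}, req))
	}
}
```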

v0.34.0

chore: fix unused const linter error (ory#484)

v0.33.0

feat: error_hint and error_debug are now exposed through error_description (ory#460)

BREAKING CHANGE: Merges the error description with error hint and error debug, making it easier to consume error messages in standardized OAuth2 clients.

v0.32.4

autogen(docs): regenerate and update changelog

v0.32.3

fix: add missing OAuth2TokenRevocationFactory to ComposeAllEnabled (ory#472)

v0.32.2

feat: new factory with default issuer for JWT tokens (ory#444)

v0.32.1

feat: makeRemoveEmpty public (ory#443)