providers/oauth2: device code flow client id via auth header (#20457)

* Use `extract_client_auth` which can get client id from either HTTP
Authorization header or POST body

* Update documentation to reflect allow sending client id via header

* Add tests for using HTTP Basic Auth to pass in client id

website/docs/add-secure-apps/providers/oauth2/device_code.md

@@ -25,6 +25,17 @@ client_id=application_client_id&
 scope=openid email my-other-scope
 ```
 
+Alternatively the client id may be sent via the HTTP Authorization header:
+
+```http
+POST /application/o/device/ HTTP/1.1
+Host: authentik.company
+Content-Type: application/x-www-form-urlencoded
+Authorization: Bearer YXBwbGljYXRpb25fY2xpZW50X2lkOg==
+
+scope=openid email my-other-scope
+```
+
 The response contains the following fields:
 
 - `device_code`: Device code, which is the code kept on the device