Before,  this logic was only in the OIDCServer.CodeToken() method; now it has been
pulled out so that other paths, like OIDCServer.RefreshToken() can use
it.

The net affect, is that now refresh tokens can be used to get
cross-client authenticated ID Tokens.

A refresh request must fail if it asks for scopes that were not
originally granted when the refresh token was obtained.

This Commit:

* changes repo to store scopes with tokens
* changes repo interface signatures so that scopes can be stored and
  verified
* updates dependent code to pass along scopes

vendor: update go-oidc to add support for Azure AD

Update github.com/coreos/go-oidc/ to include coreos/go-oidc#87
which adds support for Azure AD

Use Github templates for issues/proposals

*: don't let generated comment become package comment

Load trustedPeers in no DB mode, add x-client to example app

* add trustedPeers to a client in client.json.sample
* add optional cross client auth to example web app
* login page is now templated

#400 Add connector id to the registration error message

Right now it is not clear what connector is failing. It will be easier to debug with more specific error message.

Related to #400.

Github launched the ability to automatically populate issues and pull requests with custom templates automatically
(https://github.com/blog/2111-issue-and-pull-request-templates). This eliminates the need to have custom scripts
for populating github issues with custom templates. It should be easier for contributors to just open an issue
and not worrying about copy the template.

Checking that trusted peers exist means that you have to create clients
in a certain order, or else create all the clients, then update trusted
peers. Either way, not a great experience during setup.

The downside, of course, is that you lose validation of peer
IDs.

The Client object on its own doesn't fully express everything about a
single client, and so when loading clients from a static configuration
it's not enough to just (de)serialize clients.

To that end, LoadableClient contains the full representation of a client
and associated entities.

Cross client work 

also, RevokeClient -> RevokeClient for consistency.

Trusted Peers are clients that are authorized to mint tokens
for another client.

Various client api tweaks

Replaced by ClientRepoFromClients, which makes more sense IMO. Also, it
was doing the wrong thing: it was ignoring the client_id and client_secret
passed into it as far as I can tell.

Use the test fixture setup stuff in testutil instead.

Use the test fixture setup stuff in testutil instead.

Also tests that it's being loaded properly (which is not the case in
NewClientManagerFromClients, which will be removed in subsequent commit)

*: Update Go versions used for Travis tests and test tip

Added TLS support to the example application

connector_ldap: Implement connection pooling for LDAP connections

Fixes #309

a little easier to read this way IMO.