Support token introspection endpoint

[adrienlauer]

When dealing with an opaque token, no claim can be directly retrieved. This means that this kind of token cannot provide scopes. The TokenValidator could be updated to allow to return a map of claims for the opaque token. Then the default TokenValidator could use a configured token introspection endpoint to retrieved these claims at validation.

• The TokenValidator interface must be updated
• The UserInfoTokenValidator should be renamed DefaultTokenValidator and implement the ability to retrieve claims from the token introspection endpoint if configured. It could still fallback to calling the user info endpoint if no introspection endpoint is available.