Remove obsolete / insecure OAuth2 flows from this spec

[GeorgDangl]

Here, we're listing two flows: https://github.com/buildingSMART/foundation-API#221-obtaining-authentication-information

• implicit_grant, which has been effectively deprecated, or at least it's usage is heavily discouraged
• resource_owner_password_credentials_grant, which never really was considered secure in scenarios where you did not control all services involved

This was brought up in the meeting today, and we should just remove it from the spec completely.

[ykulbak]

Sep 25th 2023. See discussion on generalising OAUTH flows to avoid banning supported features on #25 (same date).