Allow unauthenticated clients on OIDC token endpoint
In our OIDC implementation, we always require an authentication on token endpoint, but we need to also allow unauthenticated requests for public clients.
For such client, we can then enable PKCE (see #1722 (closed)).