@Lej77 Lej77 commented Dec 28, 2025

Fixes #65.

The https://accounts.spotify.com/authorize endpoint no longer accepts `token` as `response_type`, so we must instead use `code`. The script previously used the `token` response type, which the Spotify API redirected to
`http://127.0.0.1:3000/redirect#error=unsupported_response_type`

OAuth authorization methods/flows

| FLOW | Access User Resources | Requires Secret Key (Server-Side) | Access Token Refresh |
| --- | --- | --- | --- |
| Authorization code | Yes | Yes | Yes |
| Authorization code with PKCE | Yes | No | Yes |
| Client credentials | No | Yes | No |

From: https://developer.spotify.com/documentation/web-api/concepts/authorization

Since we need access to user resources and don't want the client secret to be published, we have no choice but to use Authorization code with PKCE.

This PR implements this flow by generating a new PKCE `code_verifier` / `code_challenge` pair and including the challenge in the OAuth request. If the user accepts the request, then we get a code that we use together with the `code_verifier` to request an access token.

This PR does not save or log the `code_verifier`, which would be needed to be able to skip the OAuth request when re-running the Python script (we would also need to accept the `code_verifier` and authorization code as CLI arguments if we wanted to skip the OAuth request).
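The PKCE exchange described in the PR, as an added stand-alone example (not the PR's or the repository's code): a `code_verifier` / `code_challenge` pair is generated per RFC 7636 (S256), the challenge goes into the authorize request with `response_type=code`, the redirect is checked for a matching `state` before the `code` is trusted, and the token request body carries the verifier instead of a client secret. The client id is a placeholder; the token endpoint URL, parameter names and the `scope` value come from the Spotify Web API documentation and RFC 7636, not from this page, and the redirect URL passed to `parse_redirect` is constructed for illustration.

```python
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

AUTHORIZE_URL = "https://accounts.spotify.com/authorize"
# Spotify's token endpoint (from the Spotify Web API docs, assumed here).
TOKEN_URL = "https://accounts.spotify.com/api/token"
# Redirect URI the PR text shows the script listening on.
REDIRECT_URI = "http://127.0.0.1:3000/redirect"


def generate_code_verifier(n_bytes: int = 64) -> str:
    """RFC 7636 code_verifier: 43..128 chars of [A-Za-z0-9-._~] from a CSPRNG.

    64 random bytes base64url-encode to 86 characters, well within bounds."""
    return base64.urlsafe_b64encode(secrets.token_bytes(n_bytes)).rstrip(b"=").decode("ascii")


def code_challenge_from_verifier(verifier: str) -> str:
    """S256 transform: base64url(sha256(ascii(verifier))) without '=' padding."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def build_authorize_url(client_id: str, code_challenge: str, state: str,
                        scope: str = "playlist-read-private") -> str:
    """Authorize URL with response_type=code; only the challenge leaves the client."""
    params = {
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": REDIRECT_URI,
        "code_challenge_method": "S256",
        "code_challenge": code_challenge,
        "state": state,
        "scope": scope,
    }
    return f"{AUTHORIZE_URL}?{urlencode(params)}"


def parse_redirect(redirect_url: str, expected_state: str) -> str:
    """Extract the authorization code from the redirect the user lands on.

    With the code flow the parameters arrive in the query string (the old
    token flow used the fragment). The state must match what we sent, or the
    code could belong to someone else's session (CSRF / code injection)."""
    query = parse_qs(urlparse(redirect_url).query)
    if query.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: discarding redirect")
    if "error" in query:
        raise ValueError(f"authorization failed: {query['error'][0]}")
    if "code" not in query:
        raise ValueError("redirect carried neither code nor error")
    return query["code"][0]


def build_token_request(client_id: str, code: str, code_verifier: str) -> dict:
    """POST body for TOKEN_URL: the verifier proves we started the flow,
    so no client secret is needed (the PKCE row of the table above)."""
    return {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,
        "client_id": client_id,
        "code_verifier": code_verifier,
    }


if __name__ == "__main__":
    client_id = "CLIENT_ID_PLACEHOLDER"  # placeholder, not a real app id
    verifier = generate_code_verifier()
    state = secrets.token_urlsafe(16)
    print("Open in browser:", build_authorize_url(client_id, code_challenge_from_verifier(verifier), state))
    # Constructed redirect standing in for what the browser would send back.
    fake_redirect = f"{REDIRECT_URI}?code=CONSTRUCTED_CODE&state={state}"
    code = parse_redirect(fake_redirect, state)
    print("Token request body:", build_token_request(client_id, code, verifier))
```

The verifier is kept only in memory for the lifetime of the run, matching the PR's choice not to persist or log it; a saved verifier plus a captured code would let whoever reads them complete the exchange.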

peterrus (Contributor) commented Jan 5, 2026

Works for me @Lej77! Thank you very much.

I fear it's unlikely this will get merged as @caseychu seems to be inactive in this repo (please correct me if I'm wrong) so I will be using your fork for the time being.

Thanks again.

Development

Successfully merging this pull request may close these issues.

AttributeError: 'NoneType' object has no attribute 'group'