Implement OAuth2 Device Code Flow in `reana-client` for ESCAPE IdP

[tomondre]

Summary
Full implementation of the existing PoC in reana-client to authenticate with the ESCAPE Identity Provider via OAuth2 Device Code Flow, obtain a JWT, and use it for all REANA Server calls.

Definition of Done

• Suitable Python library chosen and added as a dependency (currently oauthlib used)
• Device Code Flow fully implemented in reana-client
• JWT is automatically included in all CLI requests to the REANA Server

Blockers & Open Questions

• Common API interface for device-code endpoints: see issue [#66](Add JWT token input support to reana-commons #66 (comment))

• Token rotation: Who/what process triggers refresh and when?

• Documentation: End-user guide & developer notes

• IDP configuration variables:

  • How/where are CLIENT_ID, DEVICE_AUTH_ENDPOINT, TOKEN_ENDPOINT, etc. set?
  • Can reana-server expose the IdP config via an API so the CLI discovers endpoints at runtime? The point of contact would be the REANA_SERVER_URL

[tomondre]

reanahub/reana-client#751