v0.1.21

@rustyconover rustyconover released this 06 Mar 04:46
· 105 commits to main since this release

What's Changed

  • Add use_id_token_as_bearer boolean field to OAuth Resource Metadata (OAuthResourceMetadata, OAuthResourceMetadataResponse, WWW-Authenticate header)
  • Add parse_use_id_token_as_bearer() helper for extracting the flag from WWW-Authenticate headers

When use_id_token_as_bearer=True, clients are told to use the OIDC id_token as the Bearer token instead of the access_token. This is a custom extension (not defined in RFC 9728) following the same pattern as client_id and client_secret.
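How a client might honor the flag, as an added example that is not this project's code: it parses a single Bearer challenge, ignores text that only looks like the flag inside another quoted value, and refuses to fall back to the access_token when the id_token is requested but missing. The function names, the sample header, and the flag's encoding as an auth-param with the value "true" are assumptions.

```python
import re

# One auth-param: name = token | quoted-string (simplified from RFC 9110).
_PARAM = re.compile(r'([\w.-]+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s,"]+))')

# Constructed sample challenge; the flag's wire encoding is an assumption.
SAMPLE = ('Bearer resource_metadata="https://api.example.com/'
          '.well-known/oauth-protected-resource", use_id_token_as_bearer="true"')


def parse_bearer_params(header: str) -> dict:
    """Return auth-params of a single Bearer challenge, names lower-cased."""
    scheme, _, rest = header.strip().partition(" ")
    if scheme.lower() != "bearer":
        return {}
    params = {}
    for m in _PARAM.finditer(rest):
        quoted, bare = m.group(2), m.group(3)
        value = bare if quoted is None else re.sub(r"\\(.)", r"\1", quoted)
        params.setdefault(m.group(1).lower(), value)  # first occurrence wins
    return params


def wants_id_token(header: str) -> bool:
    """True only for an explicit 'true'; absent or malformed means False."""
    flag = parse_bearer_params(header).get("use_id_token_as_bearer", "")
    return flag.lower() == "true"


def select_bearer(header: str, token_response: dict) -> str:
    """Pick the token to send, failing closed if the required one is missing."""
    key = "id_token" if wants_id_token(header) else "access_token"
    token = token_response.get(key)
    if not token:
        raise ValueError(f"token response has no {key}")
    return token


if __name__ == "__main__":
    tokens = {"access_token": "at-constructed", "id_token": "idt-constructed"}
    print(select_bearer(SAMPLE, tokens))
```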