JWT bearer should replace password grants, but we need to have both for a while

A default CF should have it, because of
cloudfoundry/cli#3368

Another reason to allow alternative to password grant
https://datatracker.ietf.org/doc/html/rfc9700#section-2.4

Author: strehle

cf-deployment.yml

@@ -660,7 +660,7 @@ instance_groups:
           cf:
             access-token-validity: 1200
             authorities: uaa.none
-            authorized-grant-types: password,refresh_token
+            authorized-grant-types: password,refresh_token,urn:ietf:params:oauth:grant-type:jwt-bearer
             override: true
             refresh-token-validity: 2592000
             scopes: