Revert u2m.go client_secret handling — not needed

Earlier commits in this branch (23697e5, 0ec7e06) modified u2m.go to
avoid sending an empty client_secret on the PKCE public-app flow,
citing server rejection with "Public app should not use a client secret".

Empirical verification (2026-04-21):
  - Prod Legacy  (adb-6436897454825492.12.azuredatabricks.net): PASS with
    unpatched u2m.go — server accepts the request.
  - Stg Legacy   (adb-7064161269814046.2.staging.azuredatabricks.net):
    FAIL with 400 Bad Request on unpatched u2m.go.

Since the production server tolerates the current behavior, the patch
isn't strictly required for customers. Reverting to keep the PR minimal
and matching upstream main exactly for this file. If staging server
strictness later rolls out to prod, we can re-add this fix then.

Signed-off-by: Madhavendra Rathore
Signed-off-by: Madhavendra Rathore <madhavendra.rathore@databricks.com>

Author: msrathore-db

auth/oauth/u2m/u2m.go

@@ -25,19 +25,11 @@ func GetConfig(ctx context.Context, hostName, clientID, clientSecret, callbackUR
 	}
 
 	config := oauth2.Config{
-		ClientID:    clientID,
-		Endpoint:    endpoint,
-		RedirectURL: callbackURL,
-		Scopes:      scopes,
-	}
-	if clientSecret != "" {
-		config.ClientSecret = clientSecret
-	} else {
-		// For U2M (public apps using PKCE), force AuthStyleInParams to avoid
-		// sending Basic auth with empty password. AuthStyleInHeader sends
-		// "Authorization: Basic base64(clientID:)" which the server rejects
-		// with "Public app should not use a client secret".
-		config.Endpoint.AuthStyle = oauth2.AuthStyleInParams
+		ClientID:     clientID,
+		ClientSecret: clientSecret,
+		Endpoint:     endpoint,
+		RedirectURL:  callbackURL,
+		Scopes:       scopes,
 	}
 
 	return config, nil