Stop supporting Resource Owner Password Credentials Grant without client credentials after upgrading to Doorkeeper 5.5

Summary

This is a follow-up to !32878 (merged).

Doorkeeper 5.5 (not yet released at the time of writing) will either drop support for ROPC grants made without client credentials or keep it available only behind a configuration option.

As explained in the linked MR, every OAuth application created in GitLab is issued a client_id and client_secret, so to conform with RFC 6749 (§4.3.2, the access token request for the Resource Owner Password Credentials grant) we MUST always require client authentication on the token endpoint:

The authorization server MUST:

o require client authentication for confidential clients or for any client that was issued client credentials (or with other authentication requirements),

Improvements

  • Change the spec in spec/requests/api/oauth_tokens_spec.rb for a request with no client credentials so that it expects the token request to be rejected rather than to succeed.
  • Enable the currently pending spec in spec/requests/api/oauth_tokens_spec.rb for a request with invalid client credentials.
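As an added illustration (not GitLab's or Doorkeeper's code), the following Ruby model of the token endpoint for grant_type=password enforces the RFC 6749 §4.3.2 rule quoted above and exercises the three cases the specs above cover: no client credentials, invalid client credentials, and valid ones. The application registry, user store, and every helper name are constructed for this example; client credentials are accepted either as HTTP Basic (RFC 6749 §2.3.1) or as client_id/client_secret body parameters, which is the same pair of options the RFC permits.

```ruby
require 'base64'
require 'digest'
require 'json'
require 'securerandom'

# Constructed sample data for the example (not GitLab's stores).
# Every registered application has a client_id AND a client_secret, which is
# exactly what makes RFC 6749 §4.3.2 mandatory: such clients MUST authenticate.
APPLICATIONS = { 'app-123' => 'app-secret-xyz' }.freeze
USERS        = { 'alice' => 'correct-horse-battery-staple' }.freeze

# Constant-time comparison: hash both sides first so neither the length nor
# the position of the first mismatching byte is leaked through timing.
def secure_compare(a, b)
  ha = Digest::SHA256.digest(a.to_s)
  hb = Digest::SHA256.digest(b.to_s)
  ha.bytes.zip(hb.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Extract client credentials from HTTP Basic (RFC 6749 §2.3.1) or from the
# client_id/client_secret body parameters. Returns [id, secret] or nil.
def client_credentials(headers, params)
  auth = headers['Authorization'].to_s
  if auth.start_with?('Basic ')
    begin
      decoded = Base64.strict_decode64(auth.delete_prefix('Basic '))
    rescue ArgumentError
      return nil
    end
    id, secret = decoded.split(':', 2)
    return (id && secret) ? [id, secret] : nil
  end
  id, secret = params['client_id'], params['client_secret']
  (id && secret) ? [id, secret] : nil
end

# RFC 6749 §5.2 error shape; invalid_client is returned with 401.
def oauth_error(status, code, description)
  { status: status, body: { 'error' => code, 'error_description' => description } }
end

# Model of POST /oauth/token for the password grant (hypothetical handler).
def password_grant(headers, params)
  unless params['grant_type'] == 'password'
    return oauth_error(400, 'unsupported_grant_type', 'only grant_type=password is modelled here')
  end

  creds = client_credentials(headers, params)
  # No client credentials at all: this is the case that must now be rejected.
  return oauth_error(401, 'invalid_client', 'client authentication is required') if creds.nil?

  id, secret = creds
  expected = APPLICATIONS[id]
  # Compare even for unknown clients so a missing app is not cheaper to probe.
  client_ok = secure_compare(expected.to_s, secret) && !expected.nil?
  return oauth_error(401, 'invalid_client', 'unknown client or bad secret') unless client_ok

  # Only after the client is authenticated do we look at the resource owner's password.
  stored = USERS[params['username'].to_s]
  user_ok = secure_compare(stored.to_s, params['password'].to_s) && !stored.nil?
  return oauth_error(400, 'invalid_grant', 'bad username or password') unless user_ok

  { status: 200,
    body: { 'access_token' => SecureRandom.hex(32), 'token_type' => 'Bearer', 'expires_in' => 7200 } }
end

if $PROGRAM_NAME == __FILE__
  # Demo: the formerly tolerated request without client credentials is now refused.
  puts JSON.pretty_generate(password_grant({}, 'grant_type' => 'password',
                                               'username' => 'alice',
                                               'password' => 'correct-horse-battery-staple'))
end
```

The order of checks matters: the client is authenticated before the resource owner's password is ever compared, so an unauthenticated caller cannot use the endpoint as a password oracle, and the "no credentials" and "invalid credentials" cases both end in the same invalid_client response. Those two responses are what the updated and un-pended specs in spec/requests/api/oauth_tokens_spec.rb should assert on.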

Risks

This might break clients that have been sending ROPC requests without client credentials. Since that was never supported behaviour, and the docs were updated in !32878 (merged) to state that client credentials are required, this should be acceptable.