
Migrate to token introspection endpoint

Jamie Tanna requested to merge feature/introspection-endpoint into develop

Instead of using the legacy IndieAuth token endpoint, we can instead use the RFC7662-compliant token introspection.

As we're now using spec-compliant introspection, we can remove IndieAuthOpaqueTokenIntrospector, instead letting an existing implementation do this for us, as well as removing the WebFlux dependencies.

By using existing introspection classes, we remove the ROLE_ME usage, and instead need to rely on the name, which is delegated by the sub field in our responses.

This requires we extract the check to a bean, allowing for a constant annotation value, but runtime validation of the profile URL in the name against the expected profile URL.

We currently do not authenticate our requests, but will require it as part of #394.

Closes #353 (closed), #288 (closed).
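
An added sketch of the bean-based check this merge request describes, not the project's own code: the bean name `profileCheck`, the property `example.profile-url`, the `/example` route and the URL normalisation rules are all assumptions, and Spring Security method security is assumed to be enabled.

```java
import java.net.URI;
import java.util.Locale;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.Authentication;
import org.springframework.stereotype.Component;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RestController;

// Hypothetical bean; with RFC 7662 introspection, getName() carries the response's `sub`.
@Component("profileCheck")
class ProfileCheck {
  private final URI expected;
  ProfileCheck(@Value("${example.profile-url}") String expectedProfileUrl) {
    this.expected = canonical(expectedProfileUrl); // a malformed value fails at startup
  }
  // Runtime comparison; a missing or unparseable name denies access (fail closed).
  public boolean isOwner(Authentication authentication) {
    if (authentication == null || !authentication.isAuthenticated()) return false;
    try {
      return expected.equals(canonical(authentication.getName()));
    } catch (IllegalArgumentException e) {
      return false;
    }
  }

  // Assumed normalisation: lower-case scheme and host, empty path becomes "/".
  static URI canonical(String url) {
    if (url == null) throw new IllegalArgumentException("missing URL");
    URI u = URI.create(url).normalize();
    if (u.getScheme() == null || u.getHost() == null
        || u.getUserInfo() != null || u.getFragment() != null) {
      throw new IllegalArgumentException("not a plain absolute URL");
    }
    String path = (u.getRawPath() == null || u.getRawPath().isEmpty()) ? "/" : u.getRawPath();
    String port = u.getPort() == -1 ? "" : ":" + u.getPort();
    String query = u.getRawQuery() == null ? "" : "?" + u.getRawQuery();
    return URI.create(u.getScheme().toLowerCase(Locale.ROOT) + "://"
        + u.getHost().toLowerCase(Locale.ROOT) + port + path + query);
  }
}

@RestController
class ExampleController {
  // The annotation value stays a compile-time constant; the URL is checked by the bean.
  @PostMapping("/example")
  @PreAuthorize("@profileCheck.isOwner(authentication)")
  String write() { return "ok"; }
}
```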
