feat(oauth2): fallback to API token login if OAuth2 fails

The point is to offer an optional link with text to the effect of, “Can’t authenticate? Generate a token” that will reload the page with a generated token if clicked, if the OAuth fails. Make sure we handle a failures like Iike client authentication fails, the token endpoint returns **HTTP 401** with an OAuth2 `invalid_client` error and a `WWW-Authenticate: Basic realm="coder"` response header.