7.1.0: Session library compatibility

• Added support for xp-forge/sessions version 4.0+ - @thekid

7.0.0: OAuth refactoring

• Heads up: Removed support for instantiating OAuth flows w/o callback
  (@thekid)
• Changed SessionBased authentication to send 401 for sub-requests (e.g.
  images, fetch(), ...), implementing feature suggested in #38
  (@thekid)
• Merged PR #37: Refactor OAuth1 & OAuth2 flows, fixing possible flow error
  states and implifiying their implementation
  (@thekid)
• Added PHP 8.6 to the test matrix - @thekid
• Merged PR #36: Add support for PKCE for OAuth2. This implements, among
  other things, the client side of MCP auth described in xp-forge/mcp#11
  (@thekid)

6.2.0: JWT from tokens

• Made the web.auth.oauth.JWT class implement the lang.Value interface
  (@thekid)
• Merged PR #35: Add JWT::from() and JWT::tryFrom() to parse JWTs from
  a given token
  (@thekid)

6.1.2: PHP 8.5 compatibility

• Made compatible with xp-forge/address 7.0+, fixing deprecation warnings
  about null in array offsets in PHP 8.5+
  (@thekid)

6.1.1: Flow mismatch fix

• Fixed OAuth (1 and 2) flows raising flow mismatches when invoked with
  server state inside a freshly created session, e.g. users having the
  URL includìng ?state=... bookmarked or pressing the browser's back
  button.
  (@thekid)

6.1.0: Flow targets

• Merged PR #34: Extend Flow::target() to accept strings and URLs
  (@thekid)

6.0.0: Major dependency upgrade

• Added PHP 8.5 to test matrix - @thekid
• Dropped support for older dependency versions - @thekid

5.3.0: Parallel request handling

• Merged PR #33: Refactor OAuth flows to handle parallel requests - @thekid

5.2.1: State reuse fix

• Fixed OAuth2 implementation to redirect to the correct target URL when
  reusing state from a previous authorization flow.
  (@thekid)

5.2.0: Session namespaces

• Merged PR #31: Make it possible to change the session namespace (CAS)
  (@thekid)
• Merged PR #30: Make it possible to change the session namespace (OAuth)
  (@thekid)