website/docs: update and rearchitect the oauth2 provider docs (#11916)

* new topics

* update diagram

* more writing and sidebar entries

* fix file name

* more link fixes

* fix header level

* Optimised images with calibre/image-actions

* rewrite stuff

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* reorganize more

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* messed w/ diagram and added 3 categories

* fixed anchor

* removed whole line

* add link

* more rearrangements

* more content

* edits

* more polishes, rest of Jens' knowledge dump

* more content

* tweaks

* tweak

* argh

* synch with main

* tweaks to test merge

* cleanup

* offline_access

* polish

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Tana M Berry <tana@goauthentik.com>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>

website/docs/add-secure-apps/providers/oauth2/client_credentials.md

@@ -1,4 +1,4 @@
-# Machine-to-machine authentication
+## Machine-to-machine authentication
 
 Client credentials can be used for machine-to-machine communication authentication. Clients can authenticate themselves using service-accounts; standard client_id + client_secret is not sufficient. This behavior is due to providers only being able to have a single secret at any given time.