Introduce token exchange api

[rezaansyed]

WHY are these changes introduced?

Introduces token exchange API. The API to fetch access tokens is based on the Token Exchange spec:

 POST https://{shop_url}/admin/oauth/access_token

Parameters:

Parameter		Description
client_id	REQUIRED	The api key for the app
client_secret	REQUIRED	The client secret for the app.
grant_type	REQUIRED	The value urn:ietf:params:oauth:grant-type:token-exchange indicates that a token exchange is being performed. Not required for authorization code grant flow
subject_token	REQUIRED	ID token that represents the identity & active browser session of a merchant using the app.
subject_token_type	REQUIRED	The value urn:ietf:params:oauth:token-type:id_token indicates that the subject token type is an ID token.
requested_token_type	OPTIONAL	urn:shopify:params:oauth:token-type:offline-access-token (Default) and urn:shopify:params:oauth:token-type:online-access-token are valid types for requesting offline & online access tokens, respectively.

WHAT is this pull request doing?

Introduces API gated behind the unstable_tokenExchange future flag.

Type of change

• Patch: Bug (non-breaking change which fixes an issue)
• Minor: New feature (non-breaking change which adds functionality)
• Major: Breaking change (fix or feature that would cause existing functionality to not work as expected)

Checklist

• I have used yarn changeset to create a draft changelog entry (do NOT update the CHANGELOG.md file manually)
• I have added/updated tests for this change
• I have documented new APIs/updated the documentation for modified APIs (for public APIs)

[paulomarg]

Love it! I'll let the team review it as well, but I can't see anything I'd change other than the ShopifyAuth types.

[paulomarg]

Total nit, but we could export this as an arrow function so we don't have to repeat the types:

Suggested change

	export function safeCompare(
	export const safeCompare: SafeCompare = (strA, strB) => {