Add stronger typing using the NewType pattern

[ramosbugs]

NOTE: This is another breaking change that will be part of the 2.0.0 release.

This diff replaces weakly typed Strings, Urls, and other types with new
types generated using the NewType pattern. Using stronger types here
should avoid common mistakes (e.g., switching the order of the authorization
and endpoint URLs when instantiating a new Client).

In addition to adding a NewType trait, this diff adds a NewSecretType
trait, which implements Debug in a way that redacts the secret. This
behavior avoids a common source of security bugs: logging secrets,
especially when errors occur. Unlike the NewType trait, the
NewSecretType does not implement Deref. Instead, the secret must
be explicitly extracted by calling the secret method.

Finally, this PR resolves #28 by having the authorize_url method accept a
closure for generating a fresh CSRF token on each invocation. The token is
returned by the method as #[must_use], which the caller should compare
against the response sent by the authorization server to the redirect URI.
Note that #[must_use] currently has no effect in this context, but it should
once rust-lang/rust#39524 is resolved.

[ramosbugs]

Closing this PR since it points to an orphaned branch after the repo was transferred to me. Reopening separately.