Reorganize client authentication section to separate the legacy API and the new OAuth 2.0 API

[zecakeh]

This is supposed to be a PR on which other PRs that add bits of the OAuth 2.0 API will be based. As such it separates the sub-sections that are specific to the legacy API in its own section, and it adds an empty "OAuth 2.0 API" section.

Since account locking and suspension are authentication API agnostic, this also adds a new "Account moderation" section.

This also splits the "Account registration and management" section and its endpoints to separate them cleanly in the spec, for 2 reasons:

1. In the OAuth 2.0 spec, account management is associated to MSC2964, which is separate to account registration that was included in MSC4191, so it will allow us to have a similar structure.
2. This avoids having deactivation show before registration and fixes "Account registration and management" section starts off telling you how to deactivate your account #1073.

The plan for the future is:

1. Open several PRs based on this one, that should each include a separate section for an MSC from the sub-proposals of MSC3861 in the new "OAuth 2.0 API" section. Of course that means that they will conflict, but merging them should be as easy as putting the separate sections in the proper order.
2. Once those are merged, open PRs to:
   • Add cross-links between the new sections.
   • Clarify the direct "Client Authentication" sub-sections to make sure that they apply to both authentication APIs.
   • Add more general "Client Authentication" sub-sections to clarify how to do similar things with the 2 authentication APIs.
   • Add introductions to the legacy and OAuth 2.0 API.
   • Check all the spec for mentions to the legacy API in the spec and see if they need to mention a more general section, or if they need an info box saying that they are only supported by the legacy API (e.g. the endpoints that require UIA).

Pull Request Checklist

• Pull request includes a changelog file
• Pull request includes a sign off
• Pull request is classified as 'other changes'

Preview: https://pr2141--matrix-spec-previews.netlify.app

[zecakeh]

My guess is that we will use this changelog for most of the PRs related to the OAuth 2.0 API.

[zecakeh]

I downgraded this to a non-heading, because I feel like it doesn't need to appear in the ToC.

[zecakeh]

Same here, I downgraded this to a non-heading, because I feel like it doesn't need to appear in the ToC.

[richvdh]

Looks like a good start to me.

I think we should add a {{% added-in %}} for the OAuth 2.0 API, and probably a {{% changed-in %}} for the legacy one. And obviously at some point we'll need to add text explaining the relationship between the two APIs. But it sounds like maybe you're planning that for after some of the other PRs have landed?

I'm happy to land this as-is if you want to delay those tasks. What do you think?

[zecakeh]

Yes I was thinking of writing more in a separate PR to be able to merge this as quickly as possible to avoid blocking other PRs. I definitely plan to add more context around those APIs.