feat(oauth-client): parse_target — accept https and loopback forms, reject others
Implement Task 1 of Phase 3: target parsing and validation for OAuth client
conformance tests. Adds OauthClientTarget enum with HttpsUrl and Loopback
variants, LoopbackTarget with host/port/path, LoopbackHost enum, and
parse_target function that enforces atproto client_id rules:
- HTTPS form requires a host and forbids query/fragment
- HTTP form is accepted only for localhost or 127.0.0.1 (with optional port/path)
- All other schemes, missing hosts, or non-loopback HTTP hosts are rejected
Each TargetParseError variant derives Diagnostic with stable error codes
under oauth_client::target::*. Includes 10 unit tests covering all happy paths
and every rejection reason.
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>