refactor error handling in authorize endpoint (changes some responses)

- Simplify the error handling in the authorize endpoint by making the
  private helper functions return fosite-style errors, and having
  one place that writes those errors to the response.
- Some types of errors were previously returned as regular http-style
  errors. Those have all been converted to be returned as oauth-style
  errors (which can be redirects to the client), except for http method
  not found errors. This is a change in behavior from the client's point
  of view, but only when those unexpected errors happen. These types of
  errors are more consistent with RFC6749 section 4.1.2.1.
- Avoids using the httperr package for error handling.
- Create a struct for the handler as a first step toward making smaller
  functions with fewer parameters.