AttestoPhoenix.Controller.PARController (AttestoPhoenix v0.9.4)


Pushed Authorization Request endpoint (RFC 9126).

The endpoint authenticates the client, stores the submitted authorization request parameters behind a request_uri, and returns that reference to be used at /oauth/authorize. The authorization endpoint still performs the normal client/redirect/scope/PKCE validation when the reference is resolved.

This controller is a thin adapter: it parses the request off the Plug.Conn, authenticates the client via AttestoPhoenix.ClientAuthentication (RFC 6749 §2.3), lifts the DPoP facts into a %PAR.Request{} of plain data, and calls AttestoPhoenix.AuthorizationServer.PAR.store/2. Every storage, credential-stripping, and DPoP-binding decision lives in that conn-free core.
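
The store-then-resolve flow described above, as an added Elixir example that is not AttestoPhoenix code: the module `PARSketch`, its `push/4` and `resolve/4` functions, the plain-map store, the 60-second lifetime and the error atoms are all assumptions made for illustration. It shows the pushed parameters being stored without client credentials behind an unguessable `request_uri`, and the reference being consumed once by the client that pushed it.

```elixir
defmodule PARSketch do
  @moduledoc "Added illustration of RFC 9126 storage; hypothetical, not AttestoPhoenix code."
  @prefix "urn:ietf:params:oauth:request_uri:"
  @ttl 60
  # Client authentication material must never be persisted with the request.
  @credentials ~w(client_secret client_assertion client_assertion_type)

  # `store` is a plain map standing in for the real persistence layer.
  def push(store, client_id, params, now) do
    cond do
      # RFC 9126 §2.1: a pushed request must not itself carry request_uri.
      Map.has_key?(params, "request_uri") ->
        {:error, :invalid_request}

      Map.get(params, "client_id", client_id) != client_id ->
        {:error, :invalid_request}

      true ->
        uri = @prefix <> Base.url_encode64(:crypto.strong_rand_bytes(32), padding: false)
        entry = %{client_id: client_id, params: Map.drop(params, @credentials), exp: now + @ttl}
        {:ok, %{"request_uri" => uri, "expires_in" => @ttl}, Map.put(store, uri, entry)}
    end
  end

  def resolve(store, client_id, uri, now) do
    # Map.pop removes the entry on every lookup, so a reference is single-use.
    case Map.pop(store, uri) do
      {nil, store} -> {:error, :unknown_request_uri, store}
      {%{exp: exp}, store} when exp <= now -> {:error, :expired, store}
      {%{client_id: ^client_id, params: params}, store} -> {:ok, params, store}
      {_other_client, store} -> {:error, :client_mismatch, store}
    end
  end
end

# Constructed sample: form parameters of a pushed request, already parsed.
pushed = %{
  "client_id" => "s6BhdRkqt3",
  "client_secret" => "constructed-secret",
  "response_type" => "code",
  "redirect_uri" => "https://client.example/cb",
  "code_challenge" => "constructed-challenge",
  "code_challenge_method" => "S256"
}

{:ok, resp, store} = PARSketch.push(%{}, "s6BhdRkqt3", pushed, 1_000)
{:ok, params, store} = PARSketch.resolve(store, "s6BhdRkqt3", resp["request_uri"], 1_030)
false = Map.has_key?(params, "client_secret")
{:error, :unknown_request_uri, _} = PARSketch.resolve(store, "s6BhdRkqt3", resp["request_uri"], 1_031)
```

The resolved parameters still go through the normal client, redirect, scope and PKCE validation at the authorization endpoint; the sketch covers only storage and lookup.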

Summary

Functions

create(conn, params)

@spec create(Plug.Conn.t(), map()) :: Plug.Conn.t()