Incorrect OAuth2 ID/Secret leads 500 / incorrect error message

[wxiaoguang]

Description

Many users reported this problem: when they try to use OAuth2 as auth source, they see 500 errors, and an unclear error message in log:

/auth/oauth.go:920:SignInOAuthCallback() [E] [642b21e7-2] UserSignIn: oauth2: server response missing access_token

The problem is that:

1. If the user double-click and copy the secret from GitHub app page, there will be an extra space in the Client Secret field.
2. The incorrect Client Secret makes the auth failed. GitHub returns clear message
3. However, the goth package doesn't respect the error message, it only returns an error "server response missing access_token"
4. If the callback URL is incorrect, some 500 error might also happen.

To fix the problem:

1. Trim spaces.
2. Fix goth package, make it respect the returned error message.
3. Make Gitea show more details if goth returns unclear messages, at least it helps users.