This repository has been archived by the owner on Feb 17, 2024. It is now read-only.

Enable OAuth2 settings describing PKCE used by the server #726

Open
jarrodek opened this issue Jan 22, 2020 · 0 comments

Comments

@jarrodek

Currently with RAML there's no way to specify that the server requires PKCE for the OAuth2 authorization code flow, which is currently the recommended way of exchanging the code for a token.
In short, PKCE allows creating a challenge (a random string) that is present in the authorization prompt request (after applying some transformations). Then, during the code exchange, the request contains the original challenge string (before the transformation). The server does some computations and compares the strings. If they match, the token is returned.

Specification: https://tools.ietf.org/html/rfc7636

Because this is optional and relatively new (compared to OAuth 2), this may or may not be supported by the server. The client application must be aware whether this mechanism is supported by the API or not; therefore this must be implicitly stated in the API spec file.
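The exchange described in the issue, as an added worked example in Python (not code from the RAML project or from the issue author). The verifier/challenge helpers follow RFC 7636 sections 4.1 to 4.3, including the S256 transformation and the "plain" fallback; the `AuthorizationServer` class is a toy server written for this illustration, with a `require_pkce` switch standing in for the per-server "is PKCE required" fact the issue wants the API spec to carry. The endpoint URLs, `client_id` and redirect URI are constructed sample values.

```python
import base64
import hashlib
import hmac
import secrets
import string
from urllib.parse import parse_qs, urlencode, urlsplit

# RFC 7636 section 4.1: unreserved characters only, 43..128 of them.
VERIFIER_ALPHABET = string.ascii_letters + string.digits + "-._~"


def make_code_verifier(length: int = 64) -> str:
    """Random code_verifier drawn from the RFC 7636 unreserved alphabet."""
    if not 43 <= length <= 128:
        raise ValueError("code_verifier must be 43..128 characters")
    return "".join(secrets.choice(VERIFIER_ALPHABET) for _ in range(length))


def is_valid_verifier(verifier: str) -> bool:
    return 43 <= len(verifier) <= 128 and all(c in VERIFIER_ALPHABET for c in verifier)


def make_code_challenge(verifier: str, method: str = "S256") -> str:
    """RFC 7636 section 4.2: S256 = BASE64URL(SHA256(ASCII(verifier))) without padding.
    'plain' sends the verifier itself; the RFC allows it only when S256 is impossible."""
    if method == "S256":
        digest = hashlib.sha256(verifier.encode("ascii")).digest()
        return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    if method == "plain":
        return verifier
    raise ValueError(f"unsupported code_challenge_method {method!r}")


# ---- client side: the first request carries the transformed value, the second the original ----

def authorization_url(auth_endpoint: str, client_id: str, redirect_uri: str,
                      verifier: str, method: str = "S256") -> str:
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "code_challenge": make_code_challenge(verifier, method),
        "code_challenge_method": method,
    }
    return f"{auth_endpoint}?{urlencode(params)}"


def token_request(code: str, client_id: str, redirect_uri: str, verifier: str) -> dict:
    return {"grant_type": "authorization_code", "code": code, "client_id": client_id,
            "redirect_uri": redirect_uri, "code_verifier": verifier}


# ---- server side: a toy authorization server (hypothetical, not any real product) ----

class AuthorizationServer:
    def __init__(self, require_pkce: bool = True):
        self.require_pkce = require_pkce      # the fact the issue wants the API spec to state
        self._pending = {}                    # code -> (challenge or None, method); single-use

    def authorize(self, url: str) -> str:
        qs = parse_qs(urlsplit(url).query)
        challenge = qs.get("code_challenge", [None])[0]
        method = qs.get("code_challenge_method", ["plain"])[0]  # RFC 7636 section 4.3 default
        if challenge is None and self.require_pkce:
            raise PermissionError("invalid_request: code_challenge is required")
        if challenge is not None and method not in ("plain", "S256"):
            raise PermissionError("invalid_request: unsupported code_challenge_method")
        code = secrets.token_urlsafe(32)
        self._pending[code] = (challenge, method)
        return code

    def token(self, form: dict) -> dict:
        entry = self._pending.pop(form.get("code"), None)  # unknown or replayed code -> None
        if entry is None:
            raise PermissionError("invalid_grant: unknown or already used code")
        challenge, method = entry
        if challenge is not None:  # PKCE was bound to this code at authorization time
            verifier = form.get("code_verifier")
            if verifier is None or not is_valid_verifier(verifier):
                raise PermissionError("invalid_grant: missing or malformed code_verifier")
            expected = make_code_challenge(verifier, method)
            # Constant-time compare; a mismatch means someone else is redeeming the code.
            if not hmac.compare_digest(expected.encode("ascii"), challenge.encode("ascii")):
                raise PermissionError("invalid_grant: code_verifier does not match")
        return {"access_token": secrets.token_urlsafe(24), "token_type": "Bearer"}


def run_flow(server: AuthorizationServer, verifier: str, redeem_with: str) -> dict:
    """Full exchange: authorize with `verifier`, then redeem the code with `redeem_with`."""
    client_id, redirect = "example-client", "https://app.example/cb"  # constructed sample values
    url = authorization_url("https://as.example/authorize", client_id, redirect, verifier)
    code = server.authorize(url)
    return server.token(token_request(code, client_id, redirect, redeem_with))


if __name__ == "__main__":
    v = make_code_verifier()
    print("legitimate client:", run_flow(AuthorizationServer(), v, v)["token_type"])
    try:
        run_flow(AuthorizationServer(), v, make_code_verifier())  # intercepted code, wrong verifier
    except PermissionError as err:
        print("rejected:", err)
```

The interesting branch is the one the issue is about: with `require_pkce=False` the same server still accepts an authorization request that carries no `code_challenge` and then issues a token without asking for a verifier, so a client has no way to tell from the wire alone whether PKCE is enforced. That is the property a spec-level setting would have to declare.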


2 participants