Lack of client identification in Solid-OIDC + WAC

[michielbdejong]

When using Solid-OIDC to "log in" to a Solid app, that app gets all the same rights over your data that you yourself do.

This is fine if you're logging into a file browser tool but not if you're logging into a chess game.

I added this warning to the readme of Pivot but it also applies to other Solid servers that implement WAC.

[michielbdejong]

For more info see also:

• Consider removing the acl:origin feature web-access-control-spec#130
• Clarify acl:origin web-access-control-spec#129
• Fine-grained access control for Solid apps solid-contrib/pivot#78
• Client identification web-access-control-spec#81
• Circumventing Origin restriction with proxies web-access-control-spec#34