Follow-up: Description and details of BundID authentication flow against Matrix home server

Problem

We need a common understanding of the details of the BundID authentication flow in order to discuss advanced topics, such as #212, #58, #251, #146, etc.

Goal

Create a 2nd sequence diagram based on the one from #36 that depicts a detailed view of all actual requests and, alongside a brief description of it, add it to the runtime view section of our arc42 documentation.

ACs

  • Both sequence diagrams use OAuth / Matrix C2S API terminology for all requests and include the most relevant parameters (such as code, id_token, access_token, ...).
  • The detailed sequence diagram includes all requests/responses/callbacks that are necessary to complete the authentication.
  • For illustration purposes, the sequence diagrams include an authenticated request to the C2S API provided by synapse using the access_token.
  • The detailed sequence diagram distinguishes between the client (app/web app) and the user agent (browser) (see RFC 6749, Section 4.1 as an example).
  • The sequence diagram or its description references relevant sections of the Matrix Client-Server API, RFC 6749, RFC 7636 and potentially additional RFCs.
  • The sequence diagrams and a brief description are included in the runtime view section of our arc42 documentation.
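The exchange the acceptance criteria describe, as an added example that is not part of this issue or of the project's code: an in-process model of the authorization code flow with PKCE (RFC 6749, Section 4.1; RFC 7636, S256) between client, user agent, identity provider and homeserver, ending in an authenticated Matrix C2S request with the access_token. The identity provider and the homeserver are mocks with hypothetical URLs (idp.example, homeserver.example, app.example). That the homeserver acts as OIDC relying party and hands the user agent back to the client with a one-time login token, redeemed via `m.login.token`, is modelled after Matrix SSO login and is an assumption about what the final diagram will show, not something this issue states; the id_token and user id are constructed placeholders.

```python
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Hypothetical endpoints for this model; not BundID's or synapse's real URLs.
IDP_AUTHORIZE = "https://idp.example/authorize"
HS_CALLBACK = "https://homeserver.example/oidc/callback"
APP_REDIRECT = "https://app.example/sso-complete"


def b64url(raw: bytes) -> str:
    """Base64url without padding (RFC 7636, Appendix A)."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def make_code_verifier() -> str:
    """32 random bytes -> 43 unreserved characters (RFC 7636, Section 4.1)."""
    return b64url(secrets.token_bytes(32))


def code_challenge_s256(verifier: str) -> str:
    """code_challenge = BASE64URL(SHA256(code_verifier)) (RFC 7636, Section 4.2)."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def _query(url: str) -> dict:
    return {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}


class IdentityProvider:
    """Mock OIDC provider: binds the code_challenge to each authorization code
    and enforces it at the token endpoint."""

    def __init__(self):
        self._codes = {}

    def authorize(self, url: str) -> str:
        """Authorization request via the user agent (RFC 6749, 4.1.1); returns
        the redirect back to the relying party with code and state (4.1.2)."""
        q = _query(url)
        if q.get("response_type") != "code" or q.get("code_challenge_method") != "S256":
            raise ValueError("unsupported authorization request")
        code = b64url(secrets.token_bytes(16))
        self._codes[code] = (q["code_challenge"], q["redirect_uri"], q["client_id"])
        return q["redirect_uri"] + "?" + urlencode({"code": code, "state": q["state"]})

    def token(self, form: dict) -> dict:
        """Token request (RFC 6749, 4.1.3; RFC 7636, 4.6): code is single use,
        redirect_uri/client_id must match, verifier must hash to the challenge."""
        entry = self._codes.pop(form.get("code"), None)
        if entry is None:
            raise PermissionError("invalid_grant: unknown or already used code")
        challenge, redirect_uri, client_id = entry
        if (redirect_uri, client_id) != (form.get("redirect_uri"), form.get("client_id")):
            raise PermissionError("invalid_grant: redirect_uri or client_id mismatch")
        if code_challenge_s256(form.get("code_verifier", "")) != challenge:
            raise PermissionError("invalid_grant: PKCE verification failed")
        # Constructed opaque id_token; a real provider returns a signed JWT.
        return {"id_token": "constructed-id-token." + b64url(secrets.token_bytes(8)), "token_type": "Bearer"}


class Homeserver:
    """Mock synapse as OIDC relying party (assumption: Matrix SSO login style,
    one-time login token traded by the client for an access_token)."""

    def __init__(self, idp: IdentityProvider, client_id: str = "homeserver-rp"):
        self.idp, self.client_id = idp, client_id
        self._sessions, self._login_tokens, self._access_tokens = {}, {}, {}

    def sso_redirect(self, client_redirect_url: str) -> str:
        """Client sends the user agent here; a fresh code_verifier and state are
        bound to this session and only the S256 challenge leaves the server."""
        verifier, state = make_code_verifier(), b64url(secrets.token_bytes(16))
        self._sessions[state] = (verifier, client_redirect_url)
        return IDP_AUTHORIZE + "?" + urlencode({
            "response_type": "code", "client_id": self.client_id, "redirect_uri": HS_CALLBACK,
            "scope": "openid", "state": state,
            "code_challenge": code_challenge_s256(verifier), "code_challenge_method": "S256"})

    def oidc_callback(self, url: str) -> str:
        """User agent arrives with code+state; code is redeemed server-to-server."""
        q = _query(url)
        sess = self._sessions.pop(q.get("state"), None)
        if sess is None:
            raise PermissionError("unknown or reused state")
        verifier, client_redirect_url = sess
        tokens = self.idp.token({"grant_type": "authorization_code", "code": q.get("code"),
                                 "redirect_uri": HS_CALLBACK, "client_id": self.client_id,
                                 "code_verifier": verifier})
        login_token = b64url(secrets.token_bytes(16))
        self._login_tokens[login_token] = tokens["id_token"]
        return client_redirect_url + "?" + urlencode({"loginToken": login_token})

    def login(self, body: dict) -> dict:
        """POST /_matrix/client/v3/login with type m.login.token (Matrix C2S API)."""
        if body.get("type") != "m.login.token" or body.get("token") not in self._login_tokens:
            raise PermissionError("M_FORBIDDEN: invalid login token")
        del self._login_tokens[body["token"]]  # one-time use
        access_token = b64url(secrets.token_bytes(24))
        self._access_tokens[access_token] = "@user:homeserver.example"  # constructed user id
        return {"user_id": "@user:homeserver.example", "access_token": access_token}

    def whoami(self, headers: dict) -> dict:
        """GET /_matrix/client/v3/account/whoami, authenticated with the Bearer access_token."""
        scheme, _, token = headers.get("Authorization", "").partition(" ")
        user_id = self._access_tokens.get(token) if scheme == "Bearer" else None
        if user_id is None:
            raise PermissionError("M_UNKNOWN_TOKEN")
        return {"user_id": user_id}


def run_flow() -> dict:
    """Drive the whole exchange; each comment names the parties involved in the step."""
    hs = Homeserver(IdentityProvider())
    idp_url = hs.sso_redirect(APP_REDIRECT)      # client -> user agent -> homeserver
    hs_cb = hs.idp.authorize(idp_url)            # user agent -> IdP (user authenticates there)
    app_url = hs.oidc_callback(hs_cb)            # user agent -> homeserver -> IdP token endpoint
    login_token = _query(app_url)["loginToken"]  # user agent -> client
    session = hs.login({"type": "m.login.token", "token": login_token})       # client -> homeserver
    return hs.whoami({"Authorization": "Bearer " + session["access_token"]})  # authenticated C2S call
```

Running `run_flow()` returns the whoami response for the constructed user. The checks each party performs are the ones the detailed diagram should make visible: state is bound to one session and consumed once, the authorization code is consumed on first use, the token endpoint rejects a verifier that does not hash to the stored challenge, and the C2S call fails with `M_UNKNOWN_TOKEN` unless a valid Bearer access_token is presented.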

Notes / resources

  • Requirements uIDs: Zapuk_96
  • Requirements uIDs from #36: OZG_1; OZG_2; OZG_3; OZG_14; ZaPuK_57; Zapuk_60; Zapuk_63; ZapuK_100; Zapuk_108; LB_25

Who needs to be involved / informed

Edited by Marco Holz