Update oauth2 gem to v2.0.2
Bump the version to keep up with the latest security fixes, but we also need this update for FIPS compliance, as this version drops the use of MD5 from nonce generation.

Almost all the changes are backwards compatible, but there is a change in v1.4.9 (https://github.com/oauth-xx/oauth2/pull/469) that breaks the `omniauth-gitlab` integration. This will be worked around in https://gitlab.com/gitlab-org/gitlab/-/merge_requests/90866.

The oauth2 gem normalized all parameters to strings in https://github.com/oauth-xx/oauth2/pull/536. Update the test to reflect that.

Parse errors are also no longer rescued due to https://github.com/oauth-xx/oauth2/pull/576. Previously stubbing an Array would work because the original body would be returned. To accommodate this in our tests, call `to_json` on the stubbed output.

We can't remove the monkey patch mentioned in https://gitlab.com/gitlab-org/gitlab/-/issues/340933 yet because we need to make `omniauth-oauth2` rescue `OAuth2` exceptions that have now been subclassed from Faraday exceptions. The existing patch is compatible because:

1. https://github.com/oauth-xx/oauth2/pull/549 added handling of `Faraday::ConnectionFailed` by raising `OAuth2::ConnectionError`, but the latter is just a subclass of the former.
2. https://github.com/oauth-xx/oauth2/pull/604 added handling of `Faraday::TimeoutError` by raising `OAuth2::TimeoutError`, but again the latter is just a subclass of the former.

Diff: https://my.diffend.io/gems/oauth2/1.4.7/2.0.2

Changes: https://github.com/oauth-xx/oauth2/blob/master/CHANGELOG.md

Relates to https://gitlab.com/gitlab-org/gitlab/-/issues/361284

Changelog: changed