Require SSL connection to postgres for oauth

From: Zsolt Parragi <zsolt(dot)parragi(at)percona(dot)com>
To: PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>, Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com>
Subject: Require SSL connection to postgres for oauth
Date: 2026-06-16 20:22:06
Message-ID: CAN4CZFOa0iA3PV=oE0+O=jdZyu_KtS9vGLA+4a7hjAhfzVLAJg@mail.gmail.com
Lists: pgsql-hackers

Hello

The OAUTHBEARER RFC states that connections should require TLS:

OAUTHBEARER: OAuth 2.0 bearer tokens, as described in [RFC6750].
RFC 6750 uses Transport Layer Security (TLS) [RFC5246] to
secure the protocol interaction between the client and the
resource server.
....
Additionally, for the two
mechanisms specified in this document, TLS MUST be used for
OAUTHBEARER to protect the bearer token; for OAUTH10A, the use of TLS
is RECOMMENDED.

However, postgres currently does not enforce this, as it allows oauth
with any connection type. On the client side, we require HTTPS to the
identity provider, but there's no similar check for the connection to
the postgres server.

What do you think about extending the already existing
OAUTHDEBUG=UNSAFE... libpq flags to require something like
"UNSAFE:plaintext-server" if somebody really wants to use it over a
plaintext protocol?

See attached patch: without this flag we only allow TLS connections or
unix sockets (which should be a safe exception since they are local).
We could argue that we should also allow GSSAPI, but for now I left it
out because:
1. The RFC doesn't mention it.
2. Is GSSAPI+oauthbearer a realistic use case?

I added the client-side flag because I think it's the more important
part of this fix: protecting clients from accidentally sending an
access token over a plaintext connection. Should we also add a
matching warning on the server side during startup or HBA reload if we
find OAuth entries that do not use SSL?

Attachment Content-Type Size
0001-libpq-require-encrypted-connections-for-OAUTHBEARER.patch application/octet-stream 8.0 KB
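As an added illustration of the server-side warning suggested at the end of the message (this is not code from the attached patch or from the PostgreSQL tree), here is a small audit of pg_hba.conf that reports every oauth entry whose connection type does not force TLS, following the post's policy that only hostssl and local (unix socket) are safe and that GSSAPI encryption is not treated as an exception. The sample pg_hba.conf content and the issuer URLs in it are constructed.

```python
"""Audit pg_hba.conf for OAuth entries that could accept a non-TLS connection."""
import re

# Connection types that guarantee TLS (hostssl) or a local unix socket (local).
# Everything else, including hostgssenc, is reported, matching the post's policy.
_SAFE_TYPES = {"hostssl", "local"}
_HOST_TYPES = {"host", "hostssl", "hostnossl", "hostgssenc", "hostnogssenc"}


def parse_hba_line(line):
    """Return (type, database, user, address, method) for one pg_hba.conf line, or None."""
    line = line.split("#", 1)[0].strip()          # drop comments and blank lines
    if not line:
        return None
    fields = line.split()
    if fields[0] in ("include", "include_if_exists", "include_dir"):
        return None                               # directives, not entries
    kind = fields[0]
    if kind == "local":                           # local lines carry no address column
        return (kind, fields[1], fields[2], None, fields[3]) if len(fields) >= 4 else None
    if kind not in _HOST_TYPES or len(fields) < 5:
        return None
    address, idx = fields[3], 4
    # "host all all 192.168.1.0 255.255.255.0 md5": the netmask is a separate column
    if len(fields) > 5 and re.fullmatch(r"[0-9a-fA-F]*[.:][0-9a-fA-F.:]*", fields[4]):
        address, idx = f"{fields[3]} {fields[4]}", 5
    return (kind, fields[1], fields[2], address, fields[idx])


def find_unencrypted_oauth(text):
    """Return (line_number, type, line) for each oauth entry not limited to hostssl/local."""
    findings = []
    for n, raw in enumerate(text.splitlines(), start=1):
        parsed = parse_hba_line(raw)
        if parsed and parsed[4] == "oauth" and parsed[0] not in _SAFE_TYPES:
            findings.append((n, parsed[0], raw.strip()))
    return findings


# Constructed sample: lines 4, 5 and 7 would accept OAuth over a non-TLS transport.
SAMPLE_HBA = """\
# TYPE      DATABASE  USER  ADDRESS                    METHOD  [OPTIONS]
local       all       all                              oauth   issuer=https://idp.example scope=openid
hostssl     all       all   10.0.0.0/8                 oauth   issuer=https://idp.example scope=openid
host        all       all   10.0.0.0/8                 oauth   issuer=https://idp.example scope=openid
hostgssenc  all       all   0.0.0.0/0                  oauth   issuer=https://idp.example scope=openid
host        all       all   192.168.1.0 255.255.255.0  scram-sha-256
hostnossl   all       all   ::/0                       oauth   issuer=https://idp.example scope=openid
"""

if __name__ == "__main__":
    for n, kind, entry in find_unencrypted_oauth(SAMPLE_HBA):
        print(f"WARNING: line {n}: '{kind}' oauth entry may accept a plaintext connection: {entry}")
```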
