feat: responseMode uses openid defaults

[aarongranick-okta]

• responseMode will not be passed to authorize endpoint unless explicitly specified
• default responseMode for PKCE is "query"

[swiftone]

nit: Before defining responseMode, you could define defaultResponseMode:

// By default Authentication Code flow uses "query", Implicit flow uses "fragment"
// https://openid.net/specs/openid-connect-core-1_0.html#Authentication
var defaultResponseMode = sdk.options.pkce ? 'query' : 'fragment';
var responseMode = options.responseMode || sdk.options.responseMode || defaultResponseMode;

Arguably this manages the focus a bit better.