Add failover to accessToken for OAuth2 with refresh token

Right now when we can't deserialize tokens, that we expect to be encrypted
we are failing authentication and send challenges to clients. With this change
we will allow for further processing, in case when the format of the token is not parsable
- meaning that it's not an JWEToken, but might be a valid OAuth2 token that could be
handled by further processing.

This case occurs for cases when a tool sends valid accessToken
obtained outside from Trino, but has configured Oauth2 with refresh tokens enabled, for other
clients that benefit from that flow directly

core/trino-main/src/main/java/io/trino/server/security/oauth2/JweTokenSerializer.java

@@ -109,7 +109,7 @@ public TokenPair deserialize(String token)
                     claims.get(REFRESH_TOKEN_KEY, String.class));
         }
         catch (ParseException ex) {
-            throw new IllegalArgumentException("Malformed jwt token", ex);
+            return TokenPair.accessToken(token);
         }
         catch (JOSEException ex) {
             throw new IllegalArgumentException("Decryption failed", ex);

core/trino-main/src/test/java/io/trino/server/security/oauth2/TestJweTokenSerializer.java

@@ -91,6 +91,19 @@ public void testTokenDeserializationAfterTimeoutAndExpirationExtension()
                 .isExactlyInstanceOf(ExpiredJwtException.class);
     }
 
+    @Test
+    public void testTokenDeserializationWhenNonJWETokenIsPassed()
+            throws Exception
+    {
+        JweTokenSerializer serializer = tokenSerializer(new TestingClock(), succinctDuration(12, MINUTES));
+        String nonJWEToken = "non_jwe_token";
+
+        TokenPair tokenPair = serializer.deserialize(nonJWEToken);
+
+        assertThat(tokenPair.getAccessToken()).isEqualTo(nonJWEToken);
+        assertThat(tokenPair.getRefreshToken()).isEmpty();
+    }
+
     private JweTokenSerializer tokenSerializer(Clock clock, Duration tokenExpiration)
             throws GeneralSecurityException, KeyLengthException
     {