feat: Organisations support

[rmad17]

Changes

• Org login support: organization on ServerClient (client-level default) and StartInteractiveLoginOptions (per-login override); org_id / org_name claim validation enforced automatically at callback
• Org invitation flow: invitation as a first-class typed field on StartInteractiveLoginOptions; forwarded to /authorize alongside organization
• Org token validation error: OrganizationTokenValidationError raised when the org_id or org_name claim in the returned token does not match what was requested at login; all other org errors from Auth0 (access
  denied, invalid request, invitation rejected) surface as ApiError with the raw OAuth error code and error_description

###Out of Scope

• Org enforcement on backchannel_authentication_grant, login_with_custom_token_exchange, and get_access_token refresh-path token exchange

References

https://auth0team.atlassian.net/browse/SDK-8833

Testing

Please describe how this can be tested by reviewers. Be specific about anything not tested and reasons why. If this library has unit and/or integration testing, tests should be added for new functionality and existing tests should complete without errors.

• This change adds unit test coverage
• This change adds integration test coverage
• This change has been tested on the latest version of the platform/language or why not

Checklist

• I have read the Auth0 general contribution guidelines
• I have read the Auth0 Code of Conduct
• All existing and new tests complete without errors

[kishore7snehil]

This is feeding the string-matching I flagged on _classify_org_error - can come out along with it.

[kishore7snehil]

Can we move this below class AccessTokenErrorCode

[kishore7snehil]

Why did we delete this?

[kishore7snehil]

Why did we delete this?

[kishore7snehil]

LGTM!