The `response_type` items order should not matter for client registration

[azmeuk]

RFC6749 §3.1.1 indicates that:

Extension response types MAY contain a space-delimited (%x20) list of
values, where the order of values does not matter (e.g., response
type "a b" is the same as "b a").

Client registration get refused when the response_type item orders don't match the response_types_supported ones. The items are just compared "as is":

https://github.com/lepture/authlib/blob/19fca6c13158e60dc319ce5ea4deefd7d5449d2b/authlib/oauth2/rfc7591/claims.py#L245-L249