Replay store that defers persisting the proof until flush is called.
Used at the token endpoint so that when we return UseDpopNonce we do not
record the JTI, allowing the client to retry with the nonce without hitting replay.
DPoP verification for the token endpoint only. Uses a deferred replay store so that
when the server returns UseDpopNonce the proof is not persisted; the client can retry
with the nonce without the auth code being effectively revoked (replay rejection).