
fix: introspect and revoke to spec and return falsey instead of throwing #154

Merged (1 commit, Aug 10, 2024)

Conversation

jasonraimondi (Owner)
Description

Fix /revoke to no longer throw on invalid tokens, and instead return 200

Note: invalid tokens do not cause an error response since the client
cannot handle such an error in a reasonable way. Moreover, the
purpose of the revocation request, invalidating the particular token,
is already achieved.

https://datatracker.ietf.org/doc/html/rfc7009#section-2.2

Fix /introspect to no longer throw on invalid tokens, instead return 200 with { active: false }

If the introspection call is properly authorized but the token is not
active, does not exist on this server, or the protected resource is
not allowed to introspect this particular token, then the
authorization server MUST return an introspection response with the
"active" field set to "false". Note that to avoid disclosing too
much of the authorization server's state to a third party, the
authorization server SHOULD NOT include any additional information
about an inactive token, including why the token is inactive.

https://datatracker.ietf.org/doc/html/rfc7662#section-2.2

@jasonraimondi force-pushed the fix/revoke-does-not-throw-for-invalid-tokens branch from fa5b3bb to 06b35ef on August 10, 2024 02:36
@jasonraimondi merged commit 3aa2956 into main on Aug 10, 2024
6 checks passed
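The two behaviours the description quotes from RFC 7009 §2.2 and RFC 7662 §2.2, written out as a self-contained TypeScript sketch. This is an added example, not code from this pull request or from the project: the names `TokenEndpoints`, `StoredToken`, `buildSampleEndpoints`, `SAMPLE_NOW` and the sample tokens are constructed for illustration, and caller authentication is assumed to have happened before these methods are called. One choice is this example's own assumption rather than something the description states: a `/revoke` call naming a token issued to a different client is treated like an unknown token (200, nothing revoked), so the response does not reveal whether the token exists; RFC 7009 §2.1 directs that such a request be refused, so a real server may choose an error there instead.

```typescript
// Added example: minimal RFC 7009 / RFC 7662 endpoint logic (not the project's code).
// Plain object store and hand-rolled types so it runs without dependencies.

type StoredToken = {
  token: string;
  clientId: string;  // client the token was issued to
  scope: string;
  expiresAt: number; // unix seconds
  revoked: boolean;
};

// RFC 7662 §2.2: an inactive token gets exactly { active: false } and nothing else.
type IntrospectionResponse =
  | { active: false }
  | { active: true; client_id: string; scope: string; exp: number; token_type: "Bearer" };

type HttpResult = { status: number; body: Record<string, unknown> };

class TokenEndpoints {
  private readonly store: Record<string, StoredToken> = {};

  constructor(tokens: StoredToken[]) {
    for (const t of tokens) this.store[t.token] = t;
  }

  // RFC 7009 §2.2: an unknown or already-revoked token is not an error; the
  // goal (the token is not usable) is met either way, so always answer 200.
  // Assumption of this example: a token owned by another client is treated
  // the same as an unknown one, so the response leaks nothing about it.
  revoke(callerClientId: string, token: string): HttpResult {
    const stored = this.store[token];
    if (stored !== undefined && stored.clientId === callerClientId) {
      stored.revoked = true;
    }
    return { status: 200, body: {} };
  }

  // RFC 7662 §2.2: unknown, expired, revoked, or not-yours all collapse to
  // { active: false } with no reason, so the caller cannot distinguish them.
  introspect(callerClientId: string, token: string, now: number): HttpResult {
    const inactive: IntrospectionResponse = { active: false };
    const stored = this.store[token];
    if (stored === undefined) return { status: 200, body: inactive };
    if (stored.clientId !== callerClientId) return { status: 200, body: inactive };
    if (stored.revoked || stored.expiresAt <= now) return { status: 200, body: inactive };
    const active: IntrospectionResponse = {
      active: true,
      client_id: stored.clientId,
      scope: stored.scope,
      exp: stored.expiresAt,
      token_type: "Bearer",
    };
    return { status: 200, body: active };
  }
}

// Constructed sample data (not real tokens): one live token, one expired token,
// both issued to client "app-a".
const SAMPLE_NOW = 1700000000;

function buildSampleEndpoints(): TokenEndpoints {
  return new TokenEndpoints([
    { token: "tok-live", clientId: "app-a", scope: "read", expiresAt: SAMPLE_NOW + 3600, revoked: false },
    { token: "tok-expired", clientId: "app-a", scope: "read", expiresAt: SAMPLE_NOW - 1, revoked: false },
  ]);
}

// Walk through the cases the PR description describes.
const ep = buildSampleEndpoints();
console.log("live token:", JSON.stringify(ep.introspect("app-a", "tok-live", SAMPLE_NOW)));
console.log("unknown token:", JSON.stringify(ep.introspect("app-a", "no-such-token", SAMPLE_NOW)));
console.log("revoke unknown:", JSON.stringify(ep.revoke("app-a", "no-such-token")));
console.log("revoke live:", JSON.stringify(ep.revoke("app-a", "tok-live")));
console.log("after revoke:", JSON.stringify(ep.introspect("app-a", "tok-live", SAMPLE_NOW)));
```

The point to check in a real implementation is the inactive branch of `introspect`: every failure path must return the identical body, with no error code, message or status difference that would let a caller tell an expired token from a revoked one, or an unknown token from one issued to another client. Likewise `revoke` should be idempotent, returning 200 on a second call for the same token.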