Simpler device authorization end-user code verification for first-party clients

[Alec Henninger]

Currently, device authorization user code verification always displays the consent form, even for clients where consent is not required (e.g. first-party clients). The spec does not specifically require this. It is perhaps surprising to users (and/or admins) for clients which normally do not require consent. I started to discussion about alternative logic: https://github.com/keycloak/keycloak/discussions/8829

Thanks,

Alec