Fix OAuth Client Authorization bugs

Summary: ajtrichards reported an error creating a brand new authorization. fixed that and generally made this flow work well

Test Plan:
- created a fresh test client
-- noted "new=<PHID>" with appropriate highlighting
- visited http://phabricator.dev/oauthserver/auth/?client_id=PHID-OASC-jwgdrqdpzomtxyg3q3yf&response_type=code&scope=offline_access
-- clicked "cancel", verified result
-- clicked "approve", verfied result
- visited http://phabricator.dev/oauthserver/auth/?client_id=PHID-OASC-jwgdrqdpzomtxyg3q3yf&response_type=code&scope=whoami
-- noted got the dialog
-- noted that it had the union of desired and existing so user could update it properly! (NB - its up to the client to react to whatever specific scope(s) the user decides to grant)
-- noted it actually updated when I hit "approve"

Reviewers: epriestley, ajtrichards

Reviewed By: epriestley

CC: aran, epriestley

Maniphest Tasks: T933

Differential Revision: https://secure.phabricator.com/D1775

src/applications/oauthserver/controller/client/edit/PhabricatorOAuthClientEditController.php

@@ -109,6 +109,8 @@ extends PhabricatorOAuthClientBaseController {
         $bad_redirect = true;
       } else {
         $client->save();
+        // refresh the phid in case its a create
+        $phid = $client->getPHID();
         if ($this->isClientEdit()) {
           return id(new AphrontRedirectResponse())
             ->setURI('/oauthserver/client/?edited='.$phid);