Add ability to override access token request headers (#603)

* Add ability to override access token request headers

This moves the currently hardcoded `getAccessTokenResponse` into their own method.  This allows children providers to construct their own headers as needed.

A perfect example of the necessity of this feature is the newer Pinterest v5 API.  In order to exchange the code for an access token, they require an `Authorization` header composed of a base64 encoded `client_id` and `client_secret`.  Without this change, the Pinterest Provider would need to entirely reimplement the `getAccessTokenResponse` method.  **With** this change, the Pinterest Provider could simply:

```php
protected function getTokenHeaders()
{
    return array_merge(
        parent::getTokenHeaders(),
        [
            'Authorization' => 'Basic ' . base64_encode("{$this->clientId}:{$this->clientSecret}"),
        ]
    );
}
```

* formatting

Co-authored-by: Taylor Otwell <taylor@laravel.com>

Author: JasonTolliver

src/Two/AbstractProvider.php

@@ -287,13 +287,24 @@ protected function hasInvalidState()
     public function getAccessTokenResponse($code)
     {
         $response = $this->getHttpClient()->post($this->getTokenUrl(), [
-            RequestOptions::HEADERS => ['Accept' => 'application/json'],
+            RequestOptions::HEADERS => $this->getTokenHeaders($code),
             RequestOptions::FORM_PARAMS => $this->getTokenFields($code),
         ]);
 
         return json_decode($response->getBody(), true);
     }
 
+    /**
+     * Get the headers for the access token request.
+     *
+     * @param  string  $code
+     * @return array
+     */
+    protected function getTokenHeaders($code)
+    {
+        return ['Accept' => 'application/json'];
+    }
+
     /**
      * Get the POST fields for the token request.
      *