Rotate the client_secret for an existing OAuth2 client. A new client_secret is generated and returned. The old secret is immediately invalidated. The new secret is returned only once in the response and cannot be retrieved again.