We should document that `InMemoryOAuth2AuthorizedClientService` isn't a good default, perhaps even log a warning. See #24237 for background.
