Issue an authorization code and persist all associated data atomically.
After consumeByCode, the code is single-use; client_id and
redirect_uri embedded in the record replace the session-based identity
binding removed in v0.5.1 (D-1 spec).
Retrieve a code record by the authorization code string. Returns
null when no record matches — the method is fail-soft on absence,
matching the findBy<Field> convention used by
ClientRepository.findById.
Naming note (AS-10): renamed from getByCode to findByCode at 1.0
GA to align with the repository-method convention introduced in
v0.5.2: findBy<Field> for optional lookups (null on absence),
get(<id>) for single-object stores, and operation-specific names
like consumeByCode (atomic single-use) for non-lookup operations.
The v0.5.x getByCode name was deprecated via the JSDoc-only
documentation in v0.5.2 (AS-10).
Atomically retrieve and delete the code record. This is the sole authenticity gate for authorization code exchange. Returns null when the code is unknown or has already been consumed (replay prevention).