Erudika / scoold

A Stack Overflow clone for teams (self-hosted or hosted)
https://scoold.com
Apache License 2.0

Add a scoold.security.oauth.send_scope_to_token_endpoint option #402

Closed MidnightMailman closed 1 year ago

MidnightMailman commented 1 year ago

For OpenID Connect, the specification (https://tools.ietf.org/html/rfc6749#section-4.1.3, https://openid.net/specs/openid-connect-basic-1_0.html#TokenRequest) states that the scope attribute is not allowed in token requests.

However, by default the scope parameter is being sent along to the token endpoint. Looking at the GitLab implementation, they have a config option send_scope_to_token_endpoint that defaults to true, but if you set this option to false the scope parameter is not sent along to the token endpoint. Could Scoold be changed to have that option?
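The token request behaviour the issue describes, as an added example that is not Scoold's or Para's own code: an authorization-code token request is built with the parameters RFC 6749 section 4.1.3 defines, the proposed option (its key taken from the issue title; how it is read here is a hypothetical stand-in for Scoold's configuration) decides whether scope is appended, and a small check reports any parameter the spec does not define, so a stray scope can be spotted in an outgoing request body.

```python
from urllib.parse import urlencode, parse_qs

# Parameters RFC 6749 section 4.1.3 defines for an authorization-code token
# request (client_secret covers body-based client authentication, section 2.3.1).
ALLOWED_TOKEN_PARAMS = {"grant_type", "code", "redirect_uri", "client_id", "client_secret"}

# Key named in the issue; the dict-based lookup below is a hypothetical stand-in
# for the real Scoold/Para configuration mechanism.
SEND_SCOPE_KEY = "scoold.security.oauth.send_scope_to_token_endpoint"


def build_token_request(config, code, redirect_uri, client_id, client_secret, scope):
    """Return the form parameters for the token request as a dict."""
    params = {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
        "client_id": client_id,
        "client_secret": client_secret,
    }
    # Default True mirrors the GitLab option the issue refers to: scope is
    # sent unless the operator explicitly turns it off.
    if config.get(SEND_SCOPE_KEY, True):
        params["scope"] = scope
    return params


def encode_form(params):
    """application/x-www-form-urlencoded body, as sent to the token endpoint."""
    return urlencode(params)


def unexpected_token_params(body):
    """Names in an encoded token request body that section 4.1.3 does not
    define, sorted; an empty list means the body matches the spec."""
    present = set(parse_qs(body, keep_blank_values=True))
    return sorted(present - ALLOWED_TOKEN_PARAMS)


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    args = ("c0de", "https://example.com/cb", "client-id", "client-secret", "openid email")
    print(unexpected_token_params(encode_form(build_token_request({}, *args))))
    print(unexpected_token_params(encode_form(build_token_request({SEND_SCOPE_KEY: False}, *args))))
```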

albogdano commented 1 year ago

Note that this will require that you update both your Para and Scoold instances to the next available release version because the authentication is actually handled by Para.