OpenCHAMI / smd

MIT License

Add access token scope checks to improve authorization #17

Closed davidallendj closed 8 months ago

davidallendj commented 8 months ago

This PR adds the ability for SMD to check for scopes and implements two related functions: VerifyClaims and VerifyScope. It also moves the OAuth functionality to a separate, dedicated file in cmd/smd/auth.go.

The VerifyClaims function is needed to make sure that the scope claim is included in the incoming access token. It can also be used later for checking for inclusion of other claims such as partition-id required for accessing specific resources.

The VerifyScope function is used to check the incoming access token for specific scopes for each endpoint. Currently, this has only been implemented for /State/Components and /Inventory/RedfishEndpoints with each requiring the smd_read scope. Submitting a valid token without the smd_read scope will return the following error:

curl http://127.0.0.1:27779/hsm/v2/Inventory/RedfishEndpoints -H "Authorization: Bearer eyJhbGciOi..."
{"type":"about:blank","title":"Unauthorized","detail":"failed to verify scope: invalid or missing scope","status":401}

However, for any other endpoint that is not checking for scopes, any valid access token is sufficient, as before.
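One way to implement the two checks the description above refers to, written here as an added example and not SMD's own code from cmd/smd/auth.go: a standard-library-only Go middleware with hypothetical VerifyClaims and VerifyScope functions of my own, which assumes an upstream token-validation step has already checked the bearer token's signature and expiry and stored its claims in the request context under the hypothetical claimsKey. It accepts the scope claim either as a space-delimited string or as a JSON array, since issuers differ, and returns the same RFC 7807 problem body as the curl output above. All claim sets in it are constructed, not taken from any real token.

```go
package main

import (
	"context"
	"encoding/json"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// ErrInvalidScope is the single error VerifyScope reports, keeping the HTTP detail string stable.
var ErrInvalidScope = errors.New("invalid or missing scope")

// problem is the RFC 7807 body shape seen in the curl output above.
type problem struct {
	Type   string `json:"type"`
	Title  string `json:"title"`
	Detail string `json:"detail"`
	Status int    `json:"status"`
}

type claimsKey struct{} // hypothetical context key; an upstream token-validation step is assumed to have stored the verified claims under it

// VerifyClaims checks that every named claim is present; VerifyScope uses it for "scope", and a resource-scoped endpoint could use it for "partition-id".
func VerifyClaims(claims map[string]any, required ...string) error {
	for _, name := range required {
		if _, ok := claims[name]; !ok {
			return fmt.Errorf("missing required claim %q", name)
		}
	}
	return nil
}

// VerifyScope checks that the token grants every required scope. The scope claim
// may be a space-delimited string (RFC 8693 style) or a JSON array of strings.
func VerifyScope(claims map[string]any, required ...string) error {
	if VerifyClaims(claims, "scope") != nil {
		return ErrInvalidScope
	}
	have := map[string]bool{}
	switch v := claims["scope"].(type) {
	case string:
		for _, s := range strings.Fields(v) {
			have[s] = true
		}
	case []any:
		for _, item := range v {
			s, ok := item.(string)
			if !ok {
				return ErrInvalidScope
			}
			have[s] = true
		}
	default:
		return ErrInvalidScope
	}
	for _, s := range required {
		if !have[s] {
			return ErrInvalidScope
		}
	}
	return nil
}

func writeProblem(w http.ResponseWriter, status int, detail string) {
	w.Header().Set("Content-Type", "application/problem+json")
	w.WriteHeader(status)
	_ = json.NewEncoder(w).Encode(problem{"about:blank", http.StatusText(status), detail, status})
}

// RequireScope wraps a handler so only tokens carrying all given scopes reach it; unwrapped endpoints keep their "any valid token" behaviour.
func RequireScope(next http.Handler, required ...string) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// Claims come from the context; a request without them yields a nil map, which fails VerifyClaims inside VerifyScope.
		claims, _ := r.Context().Value(claimsKey{}).(map[string]any)
		if err := VerifyScope(claims, required...); err != nil {
			writeProblem(w, http.StatusUnauthorized, "failed to verify scope: "+err.Error())
			return
		}
		next.ServeHTTP(w, r)
	})
}

// callEndpoint drives RequireScope in-process with a constructed claim set (standing in for a signature-checked token) and returns status and detail.
func callEndpoint(claims map[string]any, required ...string) (int, string) {
	req := httptest.NewRequest(http.MethodGet, "/hsm/v2/Inventory/RedfishEndpoints", nil)
	req = req.WithContext(context.WithValue(req.Context(), claimsKey{}, claims))
	rec := httptest.NewRecorder()
	RequireScope(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(http.StatusOK) }), required...).ServeHTTP(rec, req)
	var p problem
	_ = json.Unmarshal(rec.Body.Bytes(), &p) // empty body on 200 leaves Detail ""
	return rec.Code, p.Detail
}

func main() {
	fmt.Println(callEndpoint(map[string]any{"scope": "smd_write"}, "smd_read")) // 401 failed to verify scope: invalid or missing scope
}
```

One point worth raising in review: RFC 6750 treats a valid token that lacks the needed scope as 403 Forbidden with error=insufficient_scope (and a WWW-Authenticate header naming the required scope), reserving 401 for a missing or invalid token. The example keeps the 401 so its output matches the curl response above, but the two cases are distinguishable in VerifyScope's caller and could be mapped separately.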

synackd commented 8 months ago

Once https://github.com/go-chi/jwtauth/pull/85 is merged, 06b7790 should be reverted.

synackd commented 8 months ago

Runner tests passing.