aliev / aioauth

Asynchronous OAuth 2.0 provider for Python 3
https://aliev.me/aioauth
MIT License
214 stars 19 forks

Use scope from authorization code when issuing token #70

Closed mgorven closed 1 year ago

mgorven commented 1 year ago

During Authorization Code Flow the Token must be issued using the scope which the user approved in the Authorization Code. Currently the client can specify a different scope in the /token request and get a Token with scopes which were not approved.
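
The scope handling described in this pull request, shown as an added example (not part of the PR and not aioauth's own code). The record types, function names and the in-memory `CODES` store are hypothetical, and the sample data is constructed.

```python
import secrets
from dataclasses import dataclass


@dataclass
class AuthorizationCode:  # hypothetical record, not aioauth's model
    code: str
    client_id: str
    scope: str  # scope the user approved at the authorization step


@dataclass
class TokenRequest:  # hypothetical /token request, grant_type=authorization_code
    client_id: str
    code: str
    scope: str = ""  # client-supplied; not trustworthy in this grant


# Constructed sample data: the user approved only "read".
CODES = {"abc123": AuthorizationCode("abc123", "client-1", "read")}


def _lookup(req: TokenRequest) -> AuthorizationCode:
    """Find the stored code and check it was issued to the requesting client."""
    auth_code = CODES.get(req.code)
    if auth_code is None or auth_code.client_id != req.client_id:
        raise PermissionError("invalid_grant")
    return auth_code


def issue_token_vulnerable(req: TokenRequest) -> dict:
    """Behaviour the PR reports: the token scope is copied from the /token request."""
    _lookup(req)
    return {"access_token": secrets.token_urlsafe(16), "scope": req.scope}


def issue_token_fixed(req: TokenRequest) -> dict:
    """Token scope comes from the stored authorization code; req.scope is ignored."""
    auth_code = _lookup(req)
    return {"access_token": secrets.token_urlsafe(16), "scope": auth_code.scope}


def scope_escalated(approved: str, granted: str) -> bool:
    """Regression check: True if the token carries a scope the user did not approve."""
    return not set(granted.split()) <= set(approved.split())
```

`scope_escalated` can serve as a test assertion or audit check that compares each issued token against the scope recorded with its authorization code.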

codecov-commenter commented 1 year ago

Codecov Report

Merging #70 (c5087c5) into master (c7512c8) will decrease coverage by 0.32%. The diff coverage is 66.66%.


@@             Coverage Diff             @@
##            master      #70      +/-   ##
===========================================
- Coverage   100.00%   99.68%   -0.32%     
===========================================
  Files           14       14              
  Lines          630      635       +5     
  Branches        92       93       +1     
===========================================
+ Hits           630      633       +3     
- Misses           0        1       +1     
- Partials         0        1       +1     

| Impacted Files | Coverage Δ |
|---|---|
| aioauth/grant_type.py | 97.50% <66.66%> (-2.50%) :arrow_down: |