hypothesis / lms

LTI app for integrating with learning management systems
BSD 2-Clause "Simplified" License

Switch to using non-restricted `drive.file` permission for Google Drive #6364

Closed robertknight closed 3 months ago

robertknight commented 3 months ago

Switch from using the sensitive/restricted https://www.googleapis.com/auth/drive scope to the non-restricted https://www.googleapis.com/auth/drive.file scope. The latter allows our app to only access files that have been shared via the Google Drive Picker, whereas the former allows access to all files.

For this to work, the OAuth client ID needs to be passed when configuring the picker, so that the selected file is later made available for use with the Google Drive API client. See https://stackoverflow.com/a/58175142/434243.

Fixes https://github.com/hypothesis/lms/issues/1333. See also Slack thread.

Testing:

  1. Go to your Google account settings and revoke Google Drive access given to "Hypothesis LMS (Development)". This is under "Security" settings.
  2. Configure a new Google Drive assignment. You should see an authorization screen with different permissions than before. Note the "specific files" wording.
     [Screenshot: Google Drive permissions]
  3. Save and launch the assignment.
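
A regression check for the scope change described in the pull request above, as an added example that is not part of the PR or the hypothesis/lms code base: it inspects a Google OAuth consent URL and reports any Drive scope other than `drive.file`. The function name, the sample URLs and the `EXAMPLE` client ID are constructed for illustration, and the `include_granted_scopes` check is an added precaution, not something the PR mentions.

```javascript
// Added example, not hypothesis/lms code. Sample URLs below are constructed.
const DRIVE = "https://www.googleapis.com/auth/drive";   // restricted: all files
const DRIVE_FILE = DRIVE + ".file";                       // files shared via the Picker

// Inspect a Google OAuth consent URL and report Drive scope problems.
function auditDriveScopes(authUrl) {
  const params = new URL(authUrl).searchParams;
  // "scope" is space-delimited; URLSearchParams decodes both %20 and "+".
  const scopes = (params.get("scope") || "").split(/\s+/).filter(Boolean);
  const findings = [];

  for (const scope of scopes) {
    if (scope === DRIVE) {
      findings.push(`restricted scope requested: ${scope}`);
    } else if (scope.startsWith(DRIVE + ".") && scope !== DRIVE_FILE) {
      findings.push(`Drive scope other than drive.file: ${scope}`);
    }
  }
  if (!scopes.includes(DRIVE_FILE)) {
    findings.push("drive.file is not requested");
  }
  // With incremental authorization, scopes the user granted earlier are
  // folded into the new token, so an old full-Drive grant would survive
  // unless access is revoked first (step 1 of the PR's test plan).
  if (params.get("include_granted_scopes") === "true") {
    findings.push("include_granted_scopes=true can carry over an earlier drive grant");
  }
  return { scopes, findings, ok: findings.length === 0 };
}

// Constructed consent URLs: before the change, after it, and a mixed case.
const BASE = "https://accounts.google.com/o/oauth2/v2/auth" +
  "?client_id=EXAMPLE.apps.googleusercontent.com&response_type=token";
const before = auditDriveScopes(`${BASE}&scope=${encodeURIComponent(DRIVE)}`);
const after = auditDriveScopes(`${BASE}&scope=${encodeURIComponent(DRIVE_FILE)}`);
const carried = auditDriveScopes(
  `${BASE}&scope=email+${DRIVE_FILE}&include_granted_scopes=true`);

console.log(before.findings);
console.log(after.ok);
console.log(carried.findings);
```
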
robertknight commented 3 months ago

We're going to roll this out next Monday to minimize the risk of disruption to users. Coordination happening here: https://hypothes-is.slack.com/archives/C4K6M7P5E/p1718370161353309?thread_ts=1718176476.315619&cid=C4K6M7P5E.