Open jpye-finch opened 3 months ago
@jpye-finch requirement from Somalia coming in. They need a scope about whether a user can delete another user or not. Would user.update:all cover that or do we need that explicitly mentioned? FYI @rikukissa @anninawersun
Description
Adds scope to control who can create and edit users
Notes! A user with user.create:my-jurisdiction cannot create or edit a user with user.create:all and user.update:all, even if the users are in the same office.

user.create:all
user.create:my-jurisdiction
user.update:all
user.update:my-jurisdiction
user.read:all
user.read:my-jurisdiction
user.read:my-office
user.read:only-my-audit
https://www.notion.so/opencrvs/User-Scopes-e827de98050c409fa1cfa5a2e4ea7050?pvs=4
ACs

GIVEN I have the scope user.create:all
THEN I can create a user in any location

GIVEN I have the scope user.create:my-jurisdiction
THEN I can create a user only in my jurisdiction

!! GIVEN I have the scope user.create:my-jurisdiction
THEN I cannot create a user with user.create:all

GIVEN I have the scope user.update:all
THEN I can update a user's details in any location

GIVEN I have the scope user.update:my-jurisdiction
THEN I can update a user's details in my jurisdiction

!! GIVEN I have the scope user.update:my-jurisdiction
THEN I cannot update a user with user.update:all
User Read
Push to 1.8?
These scopes control the username links found in Team Office pages

GIVEN I have the scope user.read:all
THEN I can view all User audit views

GIVEN I have the scope user.read:my-jurisdiction
THEN I can view all User audit views for users in my jurisdiction

GIVEN I have the scope user.read:my-office
THEN I can view all User audit views for users in my office

GIVEN I have the scope user.read:only-my-audit
THEN I can only view my user audit view
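
The acceptance criteria above written as deny-by-default checks, as an added example that is not OpenCRVS code. The `User` shape, the `JURISDICTION_OF` map and the function names are hypothetical; a jurisdiction is assumed to be the area an office belongs to, and a target holding either `:all` write scope is treated as protected from jurisdiction-scoped actors.

```typescript
// Added example: hypothetical types and helpers, not OpenCRVS code.
type User = { id: string; officeId: string; scopes: string[] };

// Constructed sample data: office -> jurisdiction it belongs to (assumed model).
const JURISDICTION_OF: Record<string, string> = {
  'office-a': 'district-1',
  'office-b': 'district-1',
  'office-c': 'district-2'
};

const has = (u: { scopes: string[] }, scope: string) => u.scopes.includes(scope);
const sameJurisdiction = (a: string, b: string) =>
  JURISDICTION_OF[a] !== undefined && JURISDICTION_OF[a] === JURISDICTION_OF[b];

// Targets holding either nationwide write scope are off limits to jurisdiction-scoped actors.
const holdsGlobalWrite = (u: { scopes: string[] }) =>
  has(u, 'user.create:all') || has(u, 'user.update:all');

// target carries the scopes the account has or would be given by this request.
function canWriteUser(
  action: 'create' | 'update',
  actor: User,
  target: { officeId: string; scopes: string[] }
): boolean {
  if (has(actor, `user.${action}:all`)) return true;
  if (!has(actor, `user.${action}:my-jurisdiction`)) return false; // deny by default
  return sameJurisdiction(actor.officeId, target.officeId) && !holdsGlobalWrite(target);
}

// Widest read scope is checked first; no matching scope means no access.
function canReadUserAudit(actor: User, target: User): boolean {
  if (has(actor, 'user.read:all')) return true;
  if (has(actor, 'user.read:my-jurisdiction') && sameJurisdiction(actor.officeId, target.officeId)) return true;
  if (has(actor, 'user.read:my-office') && actor.officeId === target.officeId) return true;
  return has(actor, 'user.read:only-my-audit') && actor.id === target.id;
}

// Constructed users exercising the "!!" criteria: same office, different privilege.
const national: User = { id: 'u1', officeId: 'office-a', scopes: ['user.create:all', 'user.update:all', 'user.read:all'] };
const local: User = { id: 'u2', officeId: 'office-a', scopes: ['user.create:my-jurisdiction', 'user.update:my-jurisdiction', 'user.read:my-office'] };
const clerk: User = { id: 'u3', officeId: 'office-b', scopes: ['user.read:only-my-audit'] };
console.log(canWriteUser('update', local, national), canWriteUser('update', local, clerk), canReadUserAudit(clerk, local));
```

For an update that changes scopes, pass the union of the target's current and requested scopes as `target.scopes`, so a jurisdiction-scoped actor cannot grant an `:all` scope through an edit.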