mod_http_oauth2: Enforce client scope restrictions in authorization When registering a client, a scope field can be included as a promise to only ever use those. Here we enforce that promise, if given, ensuring a client can't request or be granted a scope it didn't provide in its registration. While currently there is no restrictions at registration time, this could be changed in the future in various ways.

This module helps make BOSH and WebSocket connection endpoints
discoverable via the HTTP method described in
[XEP-0156](https://xmpp.org/extensions/xep-0156.html#http).