mod_http_oauth2: Enforce client scope restrictions in authorization When registering a client, a scope field can be included as a promise to only ever use those. Here we enforce that promise, if given, ensuring a client can't request or be granted a scope it didn't provide in its registration. While currently there is no restrictions at registration time, this could be changed in the future in various ways.

# mod_tos

A very drafty module to implement some kind of Terms of Service acceptance
tool.

Currently, this only works with clients implementing this very drafty
protocol. The result of the experiments will be an update to the
[ToS ProtoXEP](https://xmpp.org/extensions/inbox/tos.html), with the goal
of acceptance.