Currently the only supported scopes are ScopeAll and ScopeApplicationConnect. With the addition of this issue: #7657, we might want to add a new scope that prevents creating new apikeys/tokens.

This is so an admin can make a token for a user, and that user cannot extend create additional api keys from that. This is just to add control options in the more "headless" usage of coder.