When authenticating with OIDC, allow per-OP configuration of desired scopes.

[paulmillar]

Different OPs support different scopes.

Currently, dCacheView uses a hard-coded list of scopes to request when initiating implicit flow: openid profile email.

Some OPs use the eduperson_entitlement claim to describe group-membership. The presence of the eduperson_entitlement claim is controlled by the eduperson_entitlement scope. Therefore, in order for dCache to learn group-membership, dCacheView should (also) request the eduperson_entitlement scope.

However, not all OPs support the eduperson_entitlement scope and requesting a non-existing scope can cause the login to fail.
Therefore, it is important to allow per-OP configuration of the desired scopes.