Allow customizing identity object and scope class used by JWT authorizer

[shevron]

Currently in order to use JWT but have slightly different identity rules (e.g. if you want to default to read-only for unauthorized scopes), or handle scopes in a different way, you need to subclass and replace the entire authorizer.

This is not a huge setback, but it would be nice if the default scope class and identity class could be replaced via config.