Use only the minimum viable scopes when creating cloud access tokens

Open daniel-goldstein opened this issue 10 months ago • 0 comments

What happened?

Hail's google/azure credential classes do not require the caller to specify scopes when requesting access tokens, and thus default to a very wide set of scopes, making those access tokens excessively powerful. An access token does not need to have the https://www.googleapis.com/auth/appengine.admin scope to read a blob from GCS. This poses an unnecessary risk if such a token were leaked.

These classes should instead require that scopes be specified when requesting an access token, and call sites should specify the minimum set of scopes necessary to perform their function.

Version

0.2.120

Relevant log output

No response

daniel-goldstein • Aug 31 '23 17:08
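
One possible shape for the change requested in this issue, as an added sketch that is not Hail's code and not part of the original post: `ScopedCredentials`, `TokenFetcher`, `BROAD_SCOPES` and `fake_fetch` are hypothetical names, and the token exchange is replaced by a constructed stand-in so the block runs offline.

```python
from typing import Callable, Dict, FrozenSet, Iterable

# Real Google OAuth scope URLs; treating these two as "broad" is this example's policy choice.
GCS_READ_ONLY = "https://www.googleapis.com/auth/devstorage.read_only"
CLOUD_PLATFORM = "https://www.googleapis.com/auth/cloud-platform"
APPENGINE_ADMIN = "https://www.googleapis.com/auth/appengine.admin"
BROAD_SCOPES = frozenset({CLOUD_PLATFORM, APPENGINE_ADMIN})

# Hypothetical signature for whatever performs the real token exchange.
TokenFetcher = Callable[[FrozenSet[str]], str]


class ScopedCredentials:
    """Hypothetical wrapper: no default scopes, one cached token per scope set."""

    def __init__(self, fetch: TokenFetcher, allow_broad: Iterable[str] = ()):
        self._fetch = fetch
        self._allow_broad = frozenset(allow_broad)
        self._cache: Dict[FrozenSet[str], str] = {}

    def access_token(self, scopes: Iterable[str]) -> str:
        if isinstance(scopes, str):
            raise TypeError("scopes must be a collection of scope strings")
        requested = frozenset(scopes)
        if not requested:
            raise ValueError("scopes are required; there is no default scope set")
        # Broad scopes must be opted into when the credentials object is built.
        denied = (requested & BROAD_SCOPES) - self._allow_broad
        if denied:
            raise PermissionError(f"broad scopes not allow-listed: {sorted(denied)}")
        # Cache per exact scope set so a narrow request never gets a wider token.
        # Expiry handling is omitted to keep the example short.
        if requested not in self._cache:
            self._cache[requested] = self._fetch(requested)
        return self._cache[requested]


def fake_fetch(scopes: FrozenSet[str]) -> str:
    """Constructed stand-in for the token endpoint; echoes the granted scopes."""
    return "token:" + ",".join(sorted(scopes))


if __name__ == "__main__":
    creds = ScopedCredentials(fake_fetch)
    print(creds.access_token([GCS_READ_ONLY]))  # narrow token for a GCS read
```

Keying the cache on the exact scope set matters: reusing one cached token for every caller would hand a wide token to a call site that asked for a narrow one.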