0.4: "cumulative" scoping for new requests and upgrades

[pirogoeth]

When creating a new session for a scoped location, ensure that we not only request a token for the location's specified scope, but also for the config.oauth_auth_scope to keep the number of session upgrades that need to happen at a minimum.

Example:

current_scope = none
location -> /auth/test/scope-testing [scope: unix-wheel]
<session creation>
new_current_scope = sso unix-wheel

During a session upgrade, we should make sure to compound current scopes to reduce the number of session upgrades.

Example:

current_scope = sso unix-wheel
location -> /auth/test/scope-testing [scope: container-manage]
<session is killed and recreated>
new_current_scope = sso unix-wheel container-manage