Ability to restrict which OAuth scopes can be granted to third-party apps

[willnorris]

Third-party app restrictions allow the ability to limit which apps can be used with an org, but there is no ability control what level of access that app can be granted. For example, I'm generally fine with pretty much any app that wants read access and the ability to set commit statuses, but almost never want to allow pushing commits. Often, these are actually different ways of using the same third-party app.

[willnorris]

Additionally, when reviewing a request to approve a third-party app, there is no indication what level of access that app is going to want, so it's difficult to make an informed decision.