Warning: This build has drifted.
The coverage report for this pull request build may be inaccurate because its base commit is no longer the HEAD of its target branch.
This means it includes changes from outside the original pull request, including, potentially, unrelated coverage changes.

    • Learn more: For more information on this, see Tracking coverage changes for pull request builds.
    • Fix now: For a quick fix, rebase this PR at GitHub. Your next report should be accurate.
    • Prevent going forward: To avoid this issue with future PRs, see these Recommended CI Configurations.

feat(oauthserver): add oauth scope support for oidc (#2253)

## Summary

This PR adds comprehensive OIDC scope support to the OAuth server
implementation, enabling proper scope-based access control and claim
filtering per the OpenID Connect Core specification.

## Changes:
- **Scope-based claim filtering**: Claims are only included in ID tokens
and UserInfo responses when the corresponding scope is granted
    - `openid` → `sub` (subject identifier)
    - `email` → `email`, `email_verified`
    - `profile` → `name`, `picture`, `preferred_username`, `updated_at`
    - `phone` → `phone_number`, `phone_number_verified`
- **Conditional ID token generation**: ID tokens are only generated when
the `openid` scope is requested