Returns list of allowed scopes for a given Authenticatable.
Subclasses override this method to return a list of AuthScopes based on some attribute(s) of an Authenticatable. That Authenticatable is then restricted to only those scopes, even if the authenticating client would allow other scopes or scopes with higher privileges.
When overriding this method, it is important to note that (by default) only the properties declared by Authenticatable
will be valid for
authenticatable has properties that are application-specific (like a
fetchAuthenticatableByUsername must also be overridden to ensure those values are fetched.
List<AuthScope> allowedScopesForAuthenticatable( Authenticatable authenticatable) => AuthScope.Any;