users/current should return OAUTH scopes
As talked about on gitter, there is no way for an OAuth consumer to get the current scopes of a token. I suggest adding a list of scopes to `/user/current`.
There was talk that returning scopes is not part of the OAuth spec, and with that I respond: Neither is getting the user associated with the auth token.
Returning scopes would allow better 3rd party management of oauth tokens. "Does user have this newly required scope yet? Nope, then they need to re-auth".
"My project no longer needs this scope, has the user re-authed with the new set of scopes? Nope, then they need to re-auth"
and so on