mod_rest/rest.sh: Add --logout to revoke token

mod_rest/rest.sh: Make scopes to request configurable in restrc Makes it easier to experiment with requesting various scopes and roles

mod_http_oauth2: Strip unknown scopes from consent page Since the scope string can be any arbitrary space-separated strings.

mod_http_oauth2: Simplify code with the power of first class functions Selected / primary role is the first assumable role

mod_http_oauth2: More functional functions

mod_http_oauth2: Add function for filtering roles

mod_http_oauth2: Support granting zero role-scopes It seems Very Bad that if you uncheck all roles on the consent page, you get the default scopes, which seems the opposite of what you probably intended. Currently, mod_tokenauth will do the same thing, so work is needed there too to allow issuing tokens without roles. A token without a role could be used for OIDC login, and not much else. This seems like a valuable thing to support.

mod_http_oauth2: Revert role selector, going to try something else Back out f2c7bb3af600 Allowing only a single role to be encoded into the grant takes away the possibility of having multiple roles in the grant, one of which is selected when issuing an access token. It also takes away the ability to have zero roles granted, which could be useful e.g. when you only need OIDC scopes.

mod_http_oauth2: Include all granted roles in scopes The client is allowed to request a subset of granted scopes, so it makes sense to record all granted roles so that another could be selected at access token issuance.

mod_block_registrations: Refresh Compatibility section Update to use currently supported Prosody versions.