Add option to supply oauth scopes for kafka auth

[pegtrifork]

Feature or Problem Description

You are currently only able to supply client id, client secret and token endpoint when using sasl mechanism OAUTHBEARER.
However many identity providers requires you to supply a specific set of scopes to get a token with the desired claims.

Proposed Solution

A "apicurio.kafkasql.security.sasl.scope" config parameter in https://github.com/Apicurio/apicurio-registry/blob/main/app/src/main/java/io/apicurio/registry/storage/impl/kafkasql/KafkaSqlFactory.java
And possibly other configurations which can be used in the LoginCallbackHandler. For reference see https://github.com/strimzi/strimzi-kafka-oauth/blob/main/oauth-client/src/main/java/io/strimzi/kafka/oauth/client/JaasClientOauthLoginCallbackHandler.java which is the default in application.properties

[cthtrifork]

Any way for this to be looked at?

[EricWittmann]

Possibly related to:

• Unify configuration of KafkaSQL storage to a single approach #5442