Add required scope for token refresh when refreshing Microsoft OAuth2 token

[AMLSMike]

Proposed change

Add the missing and required scope field when refreshing Microsoft OAuth2 token.

Type of change

1 - 🐞 bug 🐞

Additional information

I have been writing an MSGraphAPI extension to fetch/send emails. During development, I changed the scope field many times! Everything worked fine until the automatic token refresh started. Suddenly I lost access to fetch and send emails. Then I dumped the received token in the logs and used https://jwt.ms/, only to see that I lost all my entered MSGraph scopes and the scope contained Outlook stuff again - I removed those completely before, since MSGraphAPI doesn't use any of them.

I went to the index.pl?Action=AdminOAuth2TokenManagement page and clicked manually refresh. Everything was working fine again! Until the auto refreshed is made...

When hovering the refresh button, all my entered scopes are contained in the URL.

I have noticed that when the token gets auto-refreshed, the scope is not sent within the request. Microsoft then seems to use the first initiated scope with the client token. This seems to be a bug on Microsoft's part! But to be fair, they have written in their Authentication Guides that the scope field is required.

There are also a lot more required fields: tanant, which is currently not configurable in Znuny. But hey, it works somehow 😋

Checklist

• The code change is tested and works locally.(❗)
• There is no commented out code in this PR.(❕)
• You improved or added new unit tests.(❕)
• Local ZnunyCodePolicy passed.(❕)
• Local UnitTests / Selenium passed.(❕)
• GitHub workflow CI (UnitTests / Selenium) passed.(❗)