[#468] Defined OAuth restrictions for all applicable routes.

Improved missing "scopes" param handling.
Allowed "any of" / "all of" mode specification in OAuthScopesPlug.
Fixed auth UI / behavior when user selects no permissions at /oauth/authorize.

lib/pleroma/web/mastodon_api/mastodon_api_controller.ex

@@ -33,7 +33,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
   action_fallback(:errors)
 
   def create_app(conn, params) do
-    scopes = oauth_scopes(params, [])
+    scopes = oauth_scopes(params, ["read"])
 
     app_attrs =
       params