Re-run credential tools when scopes change

[g-linville]

Say I have a tool that includes this:

credentials: github.com/gptscript-ai/gateway-oauth2 as myCredential with ASDF as env and "scope1 scope2" as scope and whatever as integration

When the user authenticates, their credential will have the scopes scope1 and scope2.

If I go to run the tool again later, but need an additional scope, scope3, even when I have updated it to this:

credentials: github.com/gptscript-ai/gateway-oauth2 as myCredential with ASDF as env and "scope1 scope2 scope3" as scope and whatever as integration

it will still reuse the existing myCredential from the credential store. The only way to get around this right now is for the user to delete their existing credential.

When we go to fetch a credential from the store, we need to find a way to check the requested scopes against existing scopes. Right now, the credential framework does not store the scopes for OAuth tools, but it does store refresh tokens. We probably need to follow the same pattern and start storing scopes and then comparing them.