Add missing accounting.budgets.read scope and ratchet up lint validation on security scopes (#755)

* fix: add missing accounting scope accounting.budgets.read

* chore: enable missing scopes lint rule as error

Author: rpocklin

.spectral.yaml

@@ -159,3 +159,4 @@ rules:
   owasp:api4:2023-string-restricted: off  # Disable string restricted rule to address warnings
   path-params: off  # Disable path parameter validation to address mapping key issues
   owasp:api8:2023-define-cors-origin: off  # Disable CORS origin header requirement
+  oas3-operation-security-defined: error # Ensure all scopes are listed in schema

xero_accounting.yaml

@@ -19740,6 +19740,7 @@ components:
             profile: your profile information
             accounting.attachments: Grant read-write access to attachments
             accounting.attachments.read: Grant read-only access to attachments
+            accounting.budgets.read: Grant read-only access to read budgets
             accounting.contacts: Grant read-write access to contacts and contact groups
             accounting.contacts.read: Grant read-only access to contacts and contact groups
             accounting.journals.read: Grant read-only access to journals