@Tejas-Kochar Tejas-Kochar commented Dec 22, 2025

Summary

  • 5-line change (in auth_default.go and tokensource.go) passing scopes through in WIF authentication instead of using "all-apis"

Testing

  • Integration tests with mocking ensuring scopes are propagated and used for token exchange (auth_default_test.go).
  • Unit tests to ensure custom scopes propagated in different account and workspace configurations (tokensource_test.go).

NO_CHANGELOG=true
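The scope pass-through described in this PR, sketched as an added Go example (not code from the PR or the SDK): a token-exchange request is sent through a mock HTTP transport, which records the `scope` value that reaches the token endpoint. The names `scopeParam`, `captureTransport` and `scopeSentFor`, the endpoint URL, and the scope names `sql` and `clusters` are constructed for illustration.

```go
package main

import (
	"fmt"
	"io"
	"net/http"
	"net/url"
	"sort"
	"strings"
)

// scopeParam renders the "scope" field: sorted custom scopes, else the broad "all-apis" default.
func scopeParam(scopes []string) string {
	if len(scopes) == 0 {
		return "all-apis"
	}
	s := append([]string(nil), scopes...) // copy so the caller's slice is not reordered
	sort.Strings(s)
	return strings.Join(s, " ")
}

// captureTransport is a mock HTTP transport that records the scope of the token request.
type captureTransport struct{ scope string }

func (c *captureTransport) RoundTrip(r *http.Request) (*http.Response, error) {
	c.scope = r.PostFormValue("scope")
	body := io.NopCloser(strings.NewReader(`{"access_token":"constructed","token_type":"Bearer"}`))
	return &http.Response{StatusCode: http.StatusOK, Body: body, Request: r}, nil
}

// scopeSentFor performs an RFC 8693 token exchange against the mock and returns the scope sent.
func scopeSentFor(scopes []string) (string, error) {
	mock := &captureTransport{}
	resp, err := (&http.Client{Transport: mock}).PostForm("https://token.example.invalid/token", url.Values{
		"grant_type":         {"urn:ietf:params:oauth:grant-type:token-exchange"},
		"subject_token_type": {"urn:ietf:params:oauth:token-type:jwt"},
		"subject_token":      {"constructed.jwt.value"}, // placeholder, not a real ID token
		"scope":              {scopeParam(scopes)},
	})
	if err != nil {
		return "", err
	}
	resp.Body.Close()
	return mock.scope, nil
}

func main() {
	got, err := scopeSentFor([]string{"sql", "clusters"})
	fmt.Println(got, err)
}
```

Asserting on the captured request rather than on the configuration catches the regression this PR fixes: custom scopes configured but `all-apis` still sent on the wire.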

@Tejas-Kochar Tejas-Kochar self-assigned this Dec 29, 2025
github-merge-queue bot pushed a commit that referenced this pull request Jan 4, 2026
## Summary

 + Adds new `Scopes` and `DisableOAuthRefreshToken` fields.
 + Adds support for parsing lists in config files.

## Notes

- Environment variable support is **not** provided for scopes because we
do not think users would actually want this. It can be easily added as a
follow up if there are requests for it.

## Testing
- Parsing logic tested by loading profiles from a test `.databrickscfg`
file.

Subsequent PRs add support for custom scopes in OAuth authentication
methods:
 - M2M: #1388
 - WIF: #1389
 - U2M: #1390

<!-- 
This PR adds support for user-provided OAuth scopes across all OAuth
authentication flows (M2M, U2M, and WIF/OIDC). Users can now request
fine-grained permissions instead of the default `all-apis` scope.

## Review Guide

1. **Start with `config/config.go`** - Review the new `Scopes` and
`DisableOAuthRefreshToken` fields and `GetScopes()` method

2. **Review each auth flow integration**:
   - `config/auth_m2m.go` (one-line change)
   - `config/auth_u2m.go` (passes scopes to PersistentAuth, adds
     `persistentAuthFactory` for testability)
   - `config/auth_default.go` (passes scopes to OIDC token source)
   - `credentials/u2m/persistent_auth.go` (new options, `offline_access`
     handling, `GetScopes()` for test introspection)
   - `config/experimental/auth/oidc/tokensource.go` (accepts scopes in
     config)

3. **Review `config/config_attribute.go`** - adds slice type support for
config file parsing

4. **Review tests** - verify scope assertions match expected behavior
and look for missing test cases.

#### Backwards Compatibility
- All three OAuth flows continue to use `all-apis` as the default scope.
- U2M continues to append `offline_access` scope by default.

## Testing

#### Shared Config Layer
- **`TestConfigFile_Scopes`** - Loads profiles from `.databrickscfg`;
calls `cfg.EnsureResolved()`; asserts `cfg.GetScopes()` returns
correctly parsed and sorted values.

#### M2M Flow
- **`TestM2M_Scopes`** - Sets up mock HTTP transport expecting specific
`scope` values; calls `Config.Authenticate()`; asserts the token request
contains expected scopes.

#### U2M Flow

Tests are split across two files to test different responsibilities:

**`config/auth_u2m_test.go`** - Tests scope propagation from Config to
PersistentAuth:
- **`TestU2MCredentials_Configure_DefaultScopes`** - Uses a capturing
factory that creates a real `PersistentAuth` and spies on it; calls
`u2mCredentials.Configure()` with nil scopes; asserts
`PersistentAuth.GetScopes()` returns `["all-apis"]`.
- **`TestU2MCredentials_Configure_CustomScopes`** - Same setup; calls
`Configure()` with custom scopes; asserts they are passed through
correctly.

**`credentials/u2m/persistent_auth_test.go`** - Tests `offline_access`
handling:
- **`TestU2M_ScopesAndOfflineAccess`** - Sets up mock browser capturing
the authorization URL; calls `PersistentAuth.Challenge()`; asserts the
`scope` query parameter contains expected scopes with `offline_access`
appended (or omitted when `disableOfflineAccess` is true).

#### WIF/OIDC Flow
- **`TestWIF_Scopes`** - Sets up mock HTTP transport expecting specific
`scope` values; calls `TokenSource.Token()`; asserts the token exchange
request contains expected scopes.
- **`TestGithubOIDC_Scopes`** - Sets up mock HTTP transport for GitHub
and Databricks endpoints; calls `Config.Authenticate()`; asserts scopes
flow correctly through to the token exchange request.
-->
---
NO_CHANGELOG=true

---------

Co-authored-by: Renaud Hartert <[email protected]>

@parthban-db parthban-db left a comment

LGTM modulo comment.

@github-actions

If integration tests don't run automatically, an authorized user can run them manually by following the instructions below:

Trigger:
go/deco-tests-run/sdk-go

Inputs:

  • PR number: 1389
  • Commit SHA: bd1a1c85bea0ffb0fb1126bc031bb08cb8c0ec03

Checks will be approved automatically on success.

@Tejas-Kochar Tejas-Kochar added this pull request to the merge queue Jan 12, 2026
Merged via the queue into main with commit 86c8b95 Jan 12, 2026
15 checks passed
@Tejas-Kochar Tejas-Kochar deleted the wif-custom-scopes branch January 12, 2026 07:53