Create rule which logs RP scope requests #272

@gene1wood

As a continuation of #269

We should

  • create another rule that logs which OAuth scopes RPs request of us
  • gather a body of logs so we can determine what scopes RPs request
  • based on this data, determine if we can change our logic from
    • give custom claims to all RPs that request any combination of scopes other than "only `openid`" to
    • give custom claims to RPs that request profile scope

To do this will depend upon us validating that there are no RPs which

  • don't request profile scope
  • expect to receive custom claims

An example of this would be an RP that requests openid and email and expects to receive custom claims.
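
An added example, not part of the original issue or the project's code: one way to run the validation over the collected logs, flagging every RP that receives custom claims under the current logic but would not under the proposed one. The log record shape (`client_id`, space-delimited `scope`) and the sample records are assumptions constructed for illustration.

```javascript
// Constructed sample records (not real data): one entry per authorization request.
// Field names client_id and scope are assumed; adapt them to the real log format.
const sampleLogs = [
  { client_id: "rp-a", scope: "openid" },
  { client_id: "rp-b", scope: "openid profile email" },
  { client_id: "rp-c", scope: "openid email" },
  { client_id: "rp-c", scope: "email openid" }, // same combination, different order
  { client_id: "rp-d", scope: "openid profile" },
  { client_id: "rp-d", scope: "openid email" },
];

// OAuth scope values arrive as a space-delimited string.
function parseScope(scope) {
  return new Set(String(scope || "").split(/\s+/).filter(Boolean));
}

// Current logic: custom claims for any combination other than only "openid".
function currentLogicGrants(scopes) {
  return !(scopes.size === 1 && scopes.has("openid"));
}

// Proposed logic: custom claims only when "profile" is requested.
function proposedLogicGrants(scopes) {
  return scopes.has("profile");
}

// Return the RPs (and the scope combinations they sent) that get custom
// claims today but would stop getting them under the proposed logic.
function findAffectedRPs(logs) {
  const affected = new Map(); // client_id -> Set of normalized scope combos
  for (const { client_id, scope } of logs) {
    const scopes = parseScope(scope);
    if (currentLogicGrants(scopes) && !proposedLogicGrants(scopes)) {
      if (!affected.has(client_id)) affected.set(client_id, new Set());
      affected.get(client_id).add([...scopes].sort().join(" "));
    }
  }
  return [...affected]
    .map(([client_id, combos]) => ({ client_id, combos: [...combos].sort() }))
    .sort((a, b) => a.client_id.localeCompare(b.client_id));
}

console.log(JSON.stringify(findAffectedRPs(sampleLogs), null, 2));
```

The logs only show which RPs fall into the "no profile scope" group; whether each of them actually expects custom claims still has to be confirmed with the RP. Note that `rp-d` is flagged even though it sometimes requests `profile`, because at least one of its requests would lose the claims.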
