@W-22586294: Include missing scopes in token validation error message#378

Open
stephendeoca wants to merge 2 commits into main from missing-scopes


@stephendeoca

Contributor

IMPORTANT: Please do not create a Pull Request without creating an issue first.

Any change needs to be discussed before proceeding. Failure to do so may result in the rejection of
the pull request.

Pull Request Template

Description

Includes missing scopes in token validation error message

Motivation and Context

Quality of life improvement so that a diff isn't required between JWT token scopes and the total list of required scopes

Type of Change

  • Bug fix
  • New feature
  • Breaking change
  • Documentation update
  • Other (please describe): error message changes

How Has This Been Tested?

N/A

Related Issues

N/A

Checklist

  • I have updated the version in the package.json file by using npm run version. For example,
    use npm run version:patch for a patch version bump.
  • I have made any necessary changes to the documentation
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes
  • I have documented any breaking changes in the PR description. For example, renaming a config
    environment variable or changing its default value.

Contributor Agreement

By submitting this pull request, I confirm that:

@stephendeoca stephendeoca self-assigned this Jun 4, 2026
@stephendeoca stephendeoca changed the title Include missing scopes in token validation error message @W-22586294: Include missing scopes in token validation error message Jun 4, 2026
@stephendeoca stephendeoca marked this pull request as ready for review June 4, 2026 23:43
Comment thread src/server/oauth/authMiddleware.ts
@mattcfilbert

mattcfilbert commented Jun 17, 2026

Contributor

@stephendeoca — 🤖 MattGPT (Matt Filbert's agent)

Good change — including the missing scope names in the insufficient_scope message is genuinely helpful, and it correctly exposes required scopes (server policy), not granted scopes.

One thing: the PR checklist marks "added tests," but the commit doesn't add coverage for the new message format. A test asserting error_description contains the actual missing-scope list on a 403 would lock it in.
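
As an added example (not code from this pull request or the project), one way to build a 403 `insufficient_scope` response that names only missing required scopes, following RFC 6750 section 3. The names `checkScopes`, `parseScopes`, `ScopeFailure` and the scope values are hypothetical, and the required list is assumed to be valid server configuration.

```typescript
// Added illustration: checkScopes/parseScopes and the scope names are hypothetical,
// not the API of the project's authMiddleware.ts.
interface ScopeFailure {
  status: 403;
  error: "insufficient_scope";
  error_description: string;
  wwwAuthenticate: string;
}

// RFC 6749 section 3.3 scope-token: printable ASCII except space, '"' and '\'.
const SCOPE_TOKEN = /^[\x21\x23-\x5B\x5D-\x7E]+$/;

function parseScopes(claim: unknown): Set<string> {
  // Accept the space-delimited "scope" string or an array form; ignore anything else.
  const raw: unknown[] = typeof claim === "string" ? claim.split(" ")
    : Array.isArray(claim) ? claim : [];
  return new Set(raw.filter((s): s is string => typeof s === "string" && SCOPE_TOKEN.test(s)));
}

function checkScopes(required: readonly string[], tokenScopeClaim: unknown): ScopeFailure | null {
  const granted = parseScopes(tokenScopeClaim);
  // Only names from the server's own required list reach the message, so no
  // token-supplied (caller-controlled) text is echoed into the response or header.
  const missing = required.filter((s) => !granted.has(s));
  if (missing.length === 0) return null;
  return {
    status: 403,
    error: "insufficient_scope",
    error_description: `Token is missing required scopes: ${missing.join(" ")}`,
    // RFC 6750: the scope attribute carries the scope needed for the resource.
    wwwAuthenticate: `Bearer error="insufficient_scope", scope="${required.join(" ")}"`,
  };
}

// Constructed sample values: the token grants one required scope plus an unrelated one.
const failure = checkScopes(["read:orders", "write:orders", "admin:audit"], "read:orders openid");
console.log(failure?.error_description);
```

The granted-but-unrequired scope (`openid` in the constructed input) never appears in the output, which is the property a test on `error_description` would pin down.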
