feat: allow omitting scope in authorization redirect uri

[amnay-mo]

Related issue

As discussed with@demonsthere, in the project's Slack Channel: https://ory-community.slack.com/archives/C012USDT5QQ/p1619102732018300

I have a question / PR suggestion though regarding Fosite's implementation of the authorization code oauth2 flow (I couldn't find a Fosite-specific channel):
is it possible to omit the scope query param from the URL which contains the authorization code ? CF: https://github.com/ory/fosite/blob/master/handler/oauth2/flow_authorize_code_auth.go#L118
I have checked the RFC, it doesn't seem to require the scope parameter. I only see the code and state parameters as requirements
Our issue is that our scope list is quite long, and URL length does have a limitation on certain systems

Proposed changes

Allow the omission of the scope query parameter in the authorization redirect URI by configuring the AuthorizeExplicitGrantHandler with a boolean field

Checklist

• I have read the contributing guidelines
  and signed the CLA.
• I have read the security policy.
• I confirm that this pull request does not address a security
  vulnerability. If this pull request addresses a security vulnerability, I
  confirm that I got green light (please contact
  security@ory.sh) from the maintainers to push
  the changes.
• I have added tests that prove my fix is effective or that my feature
  works.
• I have added necessary documentation within the code base (if
  appropriate).

[CLAassistant]

All committers have signed the CLA.

[aeneasr]

Awesome, thank you! 🎉 Your contribution makes Ory better :)