Auth provider Figma uses deprecated scope

[smogg]

Bug report

• I confirm this is a bug with Supabase, not with my own application.
• I confirm I have searched the Docs, GitHub Discussions, and Discord.

Describe the bug

Figma API deprecated the scope file_read and replaced it with more granual controls over the permissions requested from user. The auth code still uses the outdated scope that requests all the available permissions during sign in:

auth/internal/api/provider/figma.go

Lines 40 to 43 in a7129df

	// Figma only provides the "file_read" scope.
	oauthScopes := []string{
	"file_read",
	}

To Reproduce

Setting up sign in with Figma and one of the currently supported scopes results in broken authentication showing Cannot pass in both the file_read and files:read scopes during redirect.

const { error } = await supabase.auth.signInWithOAuth({
    provider: 'figma',
    options: {
      redirectTo: authRedirect,
      scopes: 'files:read',
    },
  });

Expected behavior

Figma API doesn't seem to provide a more minimalistic scope than files:read so I guess that should be the new default.