Introduce Ci::JobToken::Scope that is assigned to a User
if authenticated via CI_JOB_TOKEN. A user authenticated
via CI_JOB_TOKEN should be considered untrusted.
The scope is able to identify whether the job token is
trying to access projects that were not in the allowlist.

Changelog: added