Registries may allow using token authorization without
explicitly setting the scope. This may cover use cases where
no scope is required for an endpoint or the registry is only
covering authentication using the token. This aligns with the
oauth2 spec which specifies the scope as optional.
Signed-off-by: Derek McGowan <derek@mcgstyle.net>
08517e5864