Enforces of OAuth scopes check for authenticated API endpoints.

Adds :skip_plug plug to mark a plug explicitly skipped (disabled).

Solves the problem of potentially "forgotten" or incorrect OAuthScopesPlug calls which would result in security breaches. Some of the reasons such issue could happen:

• developer(s) could be unaware of (hopefully not) or forget to define OAuthScopesPlug call for specific action
• action was moved to another controller (and OAuthScopesPlug not propagated)
• action was renamed (with OAuthScopesPlug call's guard clause unmodified)

With this MR an automatic check whether OAuthScopesPlug was either called or explicitly skipped (via :skip_plug plug) is performed. If the check is failed, HTTP 403 is returned.