Diagnostic/hover regex misses real Google OAuth scopes (openid, https://mail.google.com/, calendar/m8 feeds) and has unescaped dots

[Forbiddem]

Summary

The scope-detection regex in the hover and diagnostic providers only matches scopes that fit the https://www.googleapis.com/auth/<x> shape. Several real Google OAuth scopes use other URL shapes and are present in the bundled apis.ts data but never highlighted by the linter. Separately, the same regex has unescaped . characters in the www.googleapis.com host part.

Location

packages/vscode-extension/src/extension.ts:61 and :130:

const scopeRegex = /https:\/\/www.googleapis.com\/auth\/[a-zA-Z._-]+/g;
//                              ^   ^         ^^^   ^         ^
//                            these dots are NOT escaped — match ANY single char

Compare with the completion regex on :30, which does correctly escape its dots.

Missed scopes

The following well-known Google OAuth scope IDs are in SCOPES (populated from apis.ts) but never matched by the diagnostic/hover regex:

scope id	line in built bundle	notes
https://mail.google.com/	out/extension.cjs:5142, :7505	Full Gmail access — should be classified RESTRICTED and warned the loudest
openid	out/extension.cjs:6517, :6743	OpenID Connect — common scope
https://www.google.com/calendar/feeds	out/extension.cjs:7525	legacy Calendar
https://www.google.com/m8/feeds	out/extension.cjs:7561	legacy Contacts

A developer writing scopes: ["https://mail.google.com/"] gets zero feedback from the linter — neither the "this is a restricted scope" warning nor the hover documentation.

Suggested fix

Two regexes (one for auth/-prefixed scopes, one for the exotic literals), or a single combined alternation, plus escape the host dots:

const scopeRegex = /https:\/\/www\.googleapis\.com\/auth\/[a-zA-Z._-]+|https:\/\/mail\.google\.com\/|https:\/\/www\.google\.com\/(?:calendar\/feeds|m8\/feeds)\b|\bopenid\b/g;

(openid needs a word boundary to avoid false positives inside identifiers.)

Happy to send a PR.