Support scopes defined both in strategy constructor and authenticate()

[anabellaspinelli]

I'm adding this feature for cases in which strategy users want to have default scope set up in their Strategy constructor (maybe something like profile) and then customize other scopes based on user selection.

Right now, the scope that comes in the authenticate() options object overrides whatever was set up in the constructor.

Tested it in the following scenarios:

• Scopes defined both in strategy constructor and authenticate options obj
• Scopes defined only in strategy constructor
• Scopes defined only in authenticate options obj
• No scopes are defined

[coveralls]

Coverage remained the same at 100.0% when pulling b126181 on anabellaspinelli:add-scopes-instead-of-override into a948096 on jaredhanson:master.

[anabellaspinelli]

@jaredhanson @tomhughes @Tug @natalan

Hello!

This change (or something like it) would be really helpful for me and (Typeform), the company I work for.

I noticed there are a lot of pending PRs. Is this the correct way to request a review?

Thank you!

[rwky]

@anabellaspinelli if you make a PR against https://github.com/passport-next/passport-oauth2 is will get looked into.

[anabellaspinelli]

Thank you @rwky I will!

Just out of curiosity, what's the purpose of the fork?

[rwky]

One of the companies I work for uses several passport modules and maintained our own forks, since the upstream modules aren't maintained I decided to fork them publicly in an organization so even if I get hit by a bus they won't go unmaintained.