Add missing read:metrics scope for authenticated metrics endpoint

[minrk]

and ensure token auth is accepted (missed this handler in #3686).

closes #3769

I'm reticent to release this PR as 2.0.3 because it defines a new scope. However, authenticated prometheus simply doesn't work right now (#3769), so one could argue that the 2.0.x bug is that the scope for authenticated metrics was missing.

we could also backport just the one-line _accept_token_auth = True to 2.0.x, to allow any authenticated token to access metrics, as was the pre-2.0 behavior, but then 2.1 will be adding the new scope. Arguably doing so would break more things, because there would be a version that actually works without the scope.

[consideRatio]

This LGTM!

Go for a merge? I was a bit hesitant because there is a CI/CD build running still and it's a very recently opened PR.

I'm not sure what i think either about about minor vs patch version bump and backporting etc, but I lean towards thinking its fine to see this as a bugfix and go for a patch release.

[minrk]

I'd also maybe lean toward patch, as it's "strictly less broken" than other 2.0.x versions. I'll write up 2.0.3 with this tomorrow.

[consideRatio]

Not sure how to label this, went for both labels.

[stubclan]

I'm getting this issue on jupyterhub 2.3.1, any idea why this would be happening? Due to this its not hub isn't able to reach to single server and terminating after being spawned (about a min approx)

[I 2022-08-09 16:11:39.421 JupyterHub log:189] 200 GET /hub/api/ (jupyterhub-idle-culler@127.0.0.1) 4.36ms
[I 2022-08-09 16:11:39.431 JupyterHub log:189] 200 GET /hub/api/users?state=[secret] (jupyterhub-idle-culler@127.0.0.1) 5.31ms
[W 2022-08-09 16:12:24.148 JupyterHub web:1796] 403 GET /hub/metrics (172.23.178.100): Access to metrics requires scope 'read:metrics'
[W 2022-08-09 16:12:24.149 JupyterHub log:189] 403 GET /hub/metrics (@172.23.178.100) 2.14ms
[W 2022-08-09 16:12:33.490 JupyterHub web:1796] 403 GET /hub/metrics (172.25.58.99): Access to metrics requires scope 'read:metrics'
[W 2022-08-09 16:12:33.493 JupyterHub log:189] 403 GET /hub/metrics (@172.25.58.99) 3.79ms
[W 2022-08-09 16:13:24.149 JupyterHub web:1796] 403 GET /hub/metrics (172.23.178.100): Access to metrics requires scope 'read:metrics'
[W 2022-08-09 16:13:24.150 JupyterHub log:189] 403 GET /hub/metrics (@172.23.178.100) 2.22ms
[W 2022-08-09 16:13:33.492 JupyterHub web:1796] 403 GET /hub/metrics (172.25.58.99): Access to metrics requires scope 'read:metrics'
[W 2022-08-09 16:13:33.493 JupyterHub log:189] 403 GET /hub/metrics (@172.25.58.99) 1.92ms