feat: replace scopes with roles

Replace user scopes with simplified roles.

Signed-off-by: Utku Ozdemir <utku.ozdemir@siderolabs.com>

api/auth/auth.proto

@@ -17,10 +17,12 @@ message Identity {
 message RegisterPublicKeyRequest {
   PublicKey public_key = 1;
   Identity identity = 2;
-  repeated string scopes = 3;
-
-  // If true and the scopes are empty, the user scopes will not be added to the public key.
-  bool skip_user_scopes = 4;
+  reserved 3;
+  reserved 4;
+  // The role of the public key. When skip_user_role is true, this field is ignored.
+  string role = 5;
+  // If true, the role field will be used to determine the role of the public key.
+  bool skip_user_role = 6;
 }
 
 message RegisterPublicKeyResponse {

pkg/client/auth/auth.go

@@ -28,18 +28,19 @@ func NewClient(conn *grpc.ClientConn) *Client {
 // RegisterPGPPublicKeyOption customizes authpb.RegisterPublicKeyRequest.
 type RegisterPGPPublicKeyOption func(*authpb.RegisterPublicKeyRequest)
 
-// WithScopes sets the scopes in the authpb.RegisterPublicKeyRequest.
-func WithScopes(scopes ...string) RegisterPGPPublicKeyOption {
+// WithRole sets the role in the authpb.RegisterPublicKeyRequest.
+// Only effective if skipUserRole is true.
+func WithRole(role string) RegisterPGPPublicKeyOption {
 	return func(o *authpb.RegisterPublicKeyRequest) {
-		o.Scopes = scopes
+		o.Role = role
 	}
 }
 
-// WithSkipUserScopes sets the skipUserScopes flag in the authpb.RegisterPublicKeyRequest.
-// If true and no scopes are specified using WithScopes, the scopes of the user are assigned to the public key by the server.
-func WithSkipUserScopes(skipUserScopes bool) RegisterPGPPublicKeyOption {
+// WithSkipUserRole sets the skipUserRole flag in the authpb.RegisterPublicKeyRequest.
+// When true, the role set via WithRole is respected.
+func WithSkipUserRole(skipUserRole bool) RegisterPGPPublicKeyOption {
 	return func(o *authpb.RegisterPublicKeyRequest) {
-		o.SkipUserScopes = skipUserScopes
+		o.SkipUserRole = skipUserRole
 	}
 }