Improve the built-in authorize for better support of user-scope only installations

[seratch]

While answering the question at #574, I found that there is room for improvement in the InstallationStoreAuthorize module. This pull request improves the internals to cover the following situation:

• An app has two paths of app installations
  • App installation with bot scopes (plus user scopes is optional) /slack/install
  • User scope installation with individual users /slack/user_install
• The admin user A installed the app into the workspace with bot token and the person's user scopes
• End-user B installed the app to grant user scopes to the app from /slack/user_install
• The app receives an incoming request associated with user B

In this scenario, the authorize function should return the bot token generated by admin user A plus the user B's user token in AuthorizeResult. However, the current implementation returns only user B's user token.

This pull request resolves the issue, plus improved the readability of the code by renaming local variables and adding more comments.

Category (place an x in each of the [ ])

• slack_bolt.App and/or its core components
• slack_bolt.async_app.AsyncApp and/or its core components
• Adapters in slack_bolt.adapter
• Document pages under /docs
• Others

Requirements (place an x in each [ ])

Please read the Contributing guidelines and Code of Conduct before creating this issue or pull request. By submitting, you are agreeing to those rules.

• I've read and understood the Contributing Guidelines and have done my best effort to follow them.
• I've read and agree to the Code of Conduct.
• I've run ./scripts/install_all_and_run_tests.sh after making the changes.

[codecov]

Codecov Report

Merging #576 (e939a56) into main (0ee6bb7) will increase coverage by 0.15%.
The diff coverage is 91.04%.

@@            Coverage Diff             @@
##             main     #576      +/-   ##
==========================================
+ Coverage   91.33%   91.48%   +0.15%     
==========================================
  Files         169      169              
  Lines        5665     5699      +34     
==========================================
+ Hits         5174     5214      +40     
+ Misses        491      485       -6     

Impacted Files	Coverage Δ
slack_bolt/app/app.py	87.69% <ø> (ø)
slack_bolt/app/async_app.py	94.19% <ø> (ø)
slack_bolt/authorization/async_authorize.py	83.94% <90.90%> (+4.77%)	⬆️
slack_bolt/authorization/authorize.py	83.70% <91.17%> (+4.89%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 0ee6bb7...e939a56. Read the comment docs.

[filmaj]

Nice work, but damn, this gets complicated fast! 🙈

[filmaj]

I think if we can provide an example of when the situation described in this comment arises (i.e. via the situation described in #574) it may give helpful context to future maintainers reading through this code. I have just now freshly read up on the issue and PR and I am already confused by this rather complex use case! 😅

[seratch]

Thanks. I don't think we should add a very long comment here but I will add a bit more details here before merging this.

[filmaj]

👌