AbstractProvider::getAccessToken must send default scopes

[liayn]

Using password grant to retrieve an access token some (all?) providers require a scope to be sent along.
Examples are: Microsoft EntraID, WSO2
Documentation: https://learn.microsoft.com/en-us/entra/identity-platform/v2-oauth-ropc#authorization-request

\League\OAuth2\Client\Provider\AbstractProvider::getAccessToken should therefore be adjusted to:

1. Allow passing an array of scopes as an option
2. Fall back to the default scopes of the provider if none are provided in step 1

---

Keep in mind that it is impossible to make a workaround for this issue.
That is due to the fact that it is not possible to retrieve the scope separator or default scopes from outside a provider (methods are protected in interface!).