Function record_required_permission 

pub fn record_required_permission(
    op: &mut Operation,
    scheme: &str,
    scope: &str,
    display: &str,
)

Record a per-operation permission requirement on op, emitting:

• A standard SecurityRequirement referencing scheme with the supplied scope — so OpenAPI client codegen sees a required OAuth scope and threads it through to the token request.
• An x-required-permissions vendor extension entry containing display — a machine-readable list of the actions a request must satisfy, available to tooling that walks the spec.
• An x-badges vendor extension entry shaped for Scalar’s native badge renderer ({name, color}) — surfaces the permission as a colored chip on each operation header, no markdown injection. Scalar accepts any CSS color value; we use the Scalar CSS custom property var(--scalar-color-accent) so badges adopt whatever accent color the active theme defines.

All three writes are idempotent — repeated calls with the same arguments don’t duplicate. The scope is the canonical machine identifier (e.g. an OAuth2 scope string); display is the human label rendered in badges and in x-required-permissions.