An infra-level scope which gates a bearer auth token’s access to Lexe-run
services and resources.
This is distinct from the application-level authorization that determines
which node endpoints a given client credential may call; that lives with the
revocable client machinery, not here. A LexeScope answers “what may this
token do against Lexe’s infrastructure”, e.g. the backend or the gateway
CONNECT proxy.
Scopes form a lattice: a token granted a broader scope is accepted wherever
a narrower scope is required (see LexeScope::has_permission_for).
Authorizes the gateway to act as the user’s proxy, in either of two
ways:
a CONNECT tunnel to the user’s own node, or
a request the gateway makes to the backend (AppBackendApi) on the
user’s behalf, using its own backend credentials.
This grants neither direct backend access nor forwarding of this token
to the backend; that’s LexeScope::All. May be long-lived (max 20
years), so it can back a long-lived client credential.