This adds a new communication flow for OmniAuth logins between
GitLab instances. When we set up the application, we attempt to detect
if the appliation is being used for authentication (via a query
parameter), and if so, enforce the use of a restricted scope, preventing
login apps gaining full API access.