Description

• Add user-friendly composite scopes that expand to multiple low-level scopes at auth time, e.g.,coder:workspaces.create,coder:workspaces.operate,coder:workspaces.access,coder:templates.build,coder:templates.author,coder:apikeys.manage_self.
• De-duplicate overlaps during expansion.

Key files/areas

• coderd/rbac/scopes.go (mapcoder:* names → list of low-levelresource:action scope names).
• Auth middleware to expand high-level strings before policy evaluation.

Acceptance criteria

• Tests prove that each composite scope expands to the documented set in the RFC.
• Composite + low-level combinations work and de-duplicate correctly.