feat(oauth-client): add metadata document deserializer and ScopeSet parser
Task 1 of Phase 4: Implement RawMetadataDocument deserialization with
Option<T> fields allowing lenient parsing. Add ScopeSet parser that validates
the atproto permission grammar, rejecting unknown resources, empty positional
parameters, and invalid query syntax. Includes 10 unit tests covering all
specified scenarios.
- RawMetadataDocument struct with all fields optional
- parse_raw(bytes) helper for JSON deserialization
- ScopeToken enum (Atproto, Permission)
- ScopeSet struct wrapping parsed tokens
- parse_scope(s) with comprehensive grammar validation
- ScopeParseError with stable diagnostic code
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>