feat: Implement allow_list for scopes for resource specific permissions (#5769)

* feat: Implement allow_list for scopes for resource specific permissions

Adds an allow_list to scopes so that a scope can be limited to particular resources.
This enables workspace agent tokens to use the same RBAC system as users.

- Add ID to compileSQL matchers
* Plumb through WithID on rbac objects
* Rename Scope -> ScopeName
* Update input.json with scope allow_list

Co-authored-by: Cian Johnston <cian@coder.com>
Steven Masley
2023-01-19 13:41:36 -06:00
committed by GitHub
parent f0df0686f9
commit 08cce81ac8
25 changed files with 445 additions and 153 deletions


@ -44,7 +44,7 @@ func TestAuthorizeAllEndpoints(t *testing.T) {
})
require.NoError(t, err)
groupObj := rbac.ResourceGroup.InOrg(admin.OrganizationID)
groupObj := rbac.ResourceGroup.WithID(group.ID).InOrg(admin.OrganizationID)
a := coderdtest.NewAuthTester(ctx, t, client, api.AGPL, admin)
a.URLParams["licenses/{id}"] = fmt.Sprintf("licenses/%d", lic.ID)
a.URLParams["groups/{group}"] = fmt.Sprintf("groups/%s", group.ID.String())
@ -94,10 +94,7 @@ func TestAuthorizeAllEndpoints(t *testing.T) {
assertRoute["GET:/api/v2/organizations/{organization}/provisionerdaemons"] = coderdtest.RouteCheck{
AssertAction: rbac.ActionRead,
AssertObject: rbac.ResourceProvisionerDaemon,
}
assertRoute["GET:/api/v2/organizations/{organization}/provisionerdaemons"] = coderdtest.RouteCheck{
AssertAction: rbac.ActionRead,
AssertObject: rbac.ResourceProvisionerDaemon,
StatusCode: http.StatusOK,
}
assertRoute["GET:/api/v2/groups/{group}"] = coderdtest.RouteCheck{
AssertAction: rbac.ActionRead,