Don't allow creating personal access tokens with no scopes

Current Behavior

Users are allowed to create personal access tokens without any scopes (scope-less tokens are unable to authorize any action on GitLab)

Expected Behavior

Users shouldn't be allowed to create personal access tokens without any scopes, possibly by showing a validation error.

Related Issues / Notes

• https://gitlab.com/gitlab-org/gitlab-ce/issues/26281#note_20958253