Add api scope for oauth sudo access

Description

Currently sudo access through the api is only permitted if you provide an admin's private-token.

This creates a problem for API integrations that want to have admins login through oauth, and then perform sudo operations, as there is no longer a way for them to either retrieve the private token, or to sudo.

Proposal

Add an additional API scope, similar to the recent read_user scope, that will grant api sudo access.

Links / references

private-token only sudo access added: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/7615

read_user scope added: https://gitlab.com/gitlab-org/gitlab-ce/issues/20492

related customer issues: https://gitlab.zendesk.com/agent/tickets/55132

cc\ @tiagonbotelho @rymai