OAuth applications are standalone resources

2 open questions related to OAuth applications:

Scoping

We have instance-level, user-level, and group-level OAuth applications. We need to reconsider the scoping of instance-level and user-level apps.

Audience

OAuth applications can be used by any user with a GitLab account to authenticate. On one hand with Cells, we want to avoid cluster-wide features. On the other hand, how do we want to support features like the VS Code extension which uses an instance-level OAuth application?