Add subscopes to GitLab API

During a discussion in Slack with @winh, we noticed that there aren't any API subscopes in GitLab. This is a potential security risk because if a GitLabber authorized his/her account using SSO to another website or service that was malicious, we could be exposing confidential GitLab data to a third party.

We should add subscopes that allow basic authentication and nothing else (similar to what Facebook and Twitter do).