Align release publisher scopes and preserve promotion submit context

src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard.Tests/StandardPluginBootstrapperTests.cs

@@ -39,7 +39,8 @@ public class StandardPluginBootstrapperTests
                         ClientId = "stella-ops-ui",
                         DisplayName = "Stella Ops Console",
                         AllowedGrantTypes = "authorization_code refresh_token",
-                        AllowedScopes = $"openid profile {StellaOpsScopes.UiRead} {StellaOpsScopes.RegistryAdmin}",
+                        AllowedScopes =
+                            $"openid profile {StellaOpsScopes.UiRead} {StellaOpsScopes.RegistryAdmin} {StellaOpsScopes.ReleaseRead} {StellaOpsScopes.ReleaseWrite} {StellaOpsScopes.ReleasePublish}",
                         RedirectUris = "https://stella-ops.local/auth/callback https://stella-ops.local/auth/silent-refresh",
                         PostLogoutRedirectUris = "https://stella-ops.local/",
                         RequirePkce = true
@@ -69,6 +70,9 @@ public class StandardPluginBootstrapperTests
         var client = await clientStore.FindByClientIdAsync("stella-ops-ui", TestContext.Current.CancellationToken);
         Assert.NotNull(client);
         Assert.Contains(StellaOpsScopes.RegistryAdmin, client!.AllowedScopes);
+        Assert.Contains(StellaOpsScopes.ReleaseRead, client.AllowedScopes);
+        Assert.Contains(StellaOpsScopes.ReleaseWrite, client.AllowedScopes);
+        Assert.Contains(StellaOpsScopes.ReleasePublish, client.AllowedScopes);
         Assert.Contains("authorization_code", client.AllowedGrantTypes);
         Assert.True(client.RequirePkce);
         Assert.Equal("demo-prod", client.Properties[AuthorityClientMetadataKeys.Tenant]);