
Task - RBAC AuthZ - Multi scope roles: Make sure it doesn't introduce security concerns with risk of over-provisioning permissions #174

@rodmgwgu

Description

  • Make sure that the authz APIs used to assign roles validate the scope string so that they only allow globs after a valid org name. (Don't allow things like "course-v1^course*" or "course-v1^c*"; only allow "course-v1^course-v1:OpenedX*" or a full course key.)
  • Create a set of test cases to check the expected behaviors when validating permissions, both with and without globs.
  • Think about the possible ways an attacker would try to craft malicious queries, and test for those.

See https://openedx.atlassian.net/wiki/spaces/OEPM/pages/5404590081/Technical+Discovery+Notes+-+AuthZ+for+Course+Authoring
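The following is an added example of the validation and test cases the issue asks for; it is not code from openedx-authz or any Open edX repository. It assumes (inferred only from the examples in the description) that a scope string has the shape "<scope type>^<course key or glob>", that the scope type is the literal "course-v1", that a course key is "course-v1:<org>+<course>+<run>", and that the only permitted glob is a single trailing "*" placed directly after the org (optionally after "+"). "Valid org name" is modelled as membership in a constructed allowlist (`KNOWN_ORGS`); a real implementation would query the platform's organization registry instead. The `scope_covers` check deliberately compares the parsed org component rather than doing a string prefix match, so a glob for a short org such as "Open" cannot silently cover every course of "OpenedX".

```python
"""Scope-string validation for role assignment (added example, not project code)."""
import re
from dataclasses import dataclass
from typing import FrozenSet, Optional

# Constructed allowlist for the example; replace with the real org registry.
KNOWN_ORGS: FrozenSet[str] = frozenset({"OpenedX", "Open", "edX"})

# Assumed grammar: "<scope type>^<course key or glob>" with scope type "course-v1".
SCOPE_TYPE = "course-v1"
MAX_LEN = 255
_PART = r"[A-Za-z0-9_.\-]+"  # ASCII only: no "*", "?", "[" or whitespace in any component
FULL_KEY_RE = re.compile(rf"course-v1:(?P<org>{_PART})\+(?P<course>{_PART})\+(?P<run>{_PART})", re.ASCII)
ORG_GLOB_RE = re.compile(rf"course-v1:(?P<org>{_PART})\+?\*", re.ASCII)


class InvalidScope(ValueError):
    """Raised for any scope string that must not be stored on a role assignment."""


@dataclass(frozen=True)
class Scope:
    org: str
    course: Optional[str] = None  # None means: every course of `org`
    run: Optional[str] = None


def parse_scope(scope: str, known_orgs: FrozenSet[str] = KNOWN_ORGS) -> Scope:
    """Parse and validate a scope string at assignment time; reject everything else."""
    # Size, whitespace and control characters are rejected before any pattern matching,
    # so "course-v1:OpenedX*\n" or "course-v1:OpenedX* " cannot sneak past the grammar.
    if not scope or len(scope) > MAX_LEN or not scope.isprintable() or " " in scope:
        raise InvalidScope("empty, oversize or non-printable scope")
    if scope.count("^") != 1:
        raise InvalidScope("scope must be '<type>^<key>'")
    scope_type, key = scope.split("^")
    if scope_type != SCOPE_TYPE:  # no glob or other value in the type part ("cour*^...")
        raise InvalidScope(f"unsupported scope type {scope_type!r}")
    # fullmatch anchors both ends; re.match with "$" would still accept a trailing newline.
    if m := FULL_KEY_RE.fullmatch(key):
        org, course, run = m.group("org", "course", "run")
    elif m := ORG_GLOB_RE.fullmatch(key):
        org, course, run = m.group("org"), None, None
    else:
        # Covers "course*", "c*", "course-v1:*", "course-v1:OpenedX+DemoX*", "?" and "[...]".
        raise InvalidScope(f"unsupported key or glob shape {key!r}")
    if org not in known_orgs:
        raise InvalidScope(f"unknown org {org!r}")
    return Scope(org, course, run)


def scope_covers(scope: Scope, course_key: str) -> bool:
    """Authorization-time check on parsed components, never on raw string prefixes."""
    m = FULL_KEY_RE.fullmatch(course_key)
    if not m:
        return False
    if m.group("org") != scope.org:  # exact org match: org "Open" never covers "OpenedX"
        return False
    if scope.course is None:
        return True
    return (m.group("course"), m.group("run")) == (scope.course, scope.run)


def is_rejected(scope: str) -> bool:
    """Helper for the test cases: True when the assignment API would refuse the scope."""
    try:
        parse_scope(scope)
    except InvalidScope:
        return True
    return False


if __name__ == "__main__":
    print(parse_scope("course-v1^course-v1:OpenedX*"))
    for attempt in ("course-v1^course*", "course-v1^c*", "course-v1^course-v1:*",
                    "course-v1^course-v1:OpenedX*\n", "cour*^course-v1:OpenedX*"):
        print(repr(attempt), "rejected" if is_rejected(attempt) else "ACCEPTED")
```

The attacker-oriented cases worth keeping in the test suite are the ones that do not look like the obvious "course*" example: a glob placed in the scope type rather than the key, a second "^" that smuggles a second scope into one string, a trailing newline or space that defeats a "$"-anchored regex, regex or shell metacharacters ("?", "[") that a permissive matcher would interpret, an org that is a prefix of another org, and an oversize string aimed at the storage layer.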

Metadata

Assignees

Labels

verawood (Released in Verawood)

Type

No type

Projects

Status

In Progress

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests
