Based on the operator feedback, we have updated the RBAC
community wide goal to drop the system scope from all the
OpenStack services except Ironic and Keystone[1]. We are keeping
scope_type in policy-in-code and every policy will be scoped
to project whihc will help to return better error code (403)
if system token is used to access the glance APIs (in case
deployment having Ironic, Keystone using the scope checks).
[1] https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html
Change-Id: Ie3174593454e35d23a3e2be439a9213bbfa1a89e
f7b0d1cba1