Don't require write access to Google Sheets / Drive for project creation #2

Open
tfmorris opened this issue Nov 25, 2023 · 2 comments

Comments

@tfmorris
Member

OpenRefine currently uses Google authentication for two different purposes: 1) creating projects from Google Drive or Google Sheets documents and 2) uploading data to Google Sheets / Drive. For the first, only read access is required and it's an unnecessary security risk to be asking for full read/write access as we currently do.

To Reproduce

Steps to reproduce the behavior:

  1. Create project from Google Data
  2. Log in to Google
  3. Note that the scopes listed in the OAuth authentication dialog include full access, not read only access

Current Results

Full read/write scopes are requested

Expected Behavior

drive.readonly and spreadsheets.readonly are requested instead of the full drive and spreadsheets versions.

@wetneb
Member

wetneb commented Nov 25, 2023

This would likely mean also having a workflow to request the additional permissions when exporting to Google Drive, if the user was already logged in with read-only permissions.

@tfmorris
Member Author

Currently I think the login flow is triggered by the absence of a cookie, but I think the preferred/recommended way is to use an access failure to trigger it, which I think would deal with both cases. Otherwise, you need to get into the business of introspecting the cookie contents to see what scopes it contains (and it still might not represent a valid token).

@wetneb wetneb transferred this issue from OpenRefine/OpenRefine Nov 18, 2024
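
An added illustration of the approach discussed in this thread, not code from OpenRefine or from either commenter: request the read-only scopes for import, and let an access failure (rather than a missing cookie) trigger consent for whatever the current operation needs, so an export after a read-only login upgrades the grant. The class name, `AccessDenied`, the client id placeholder, the redirect URI and the simulated consent step are all hypothetical.

```java
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.function.Function;
public class ScopedGoogleAuth {   // hypothetical class, not part of OpenRefine
    // Least-privilege scope pair per purpose; scope names are the ones in the issue.
    enum Purpose {
        IMPORT("drive.readonly", "spreadsheets.readonly"),
        EXPORT("drive", "spreadsheets");
        final String scopes;
        Purpose(String drive, String sheets) {
            String base = "https://www.googleapis.com/auth/";
            scopes = base + drive + " " + base + sheets;
        }
    }
    static class AccessDenied extends RuntimeException {}  // stands in for a 401/403 reply
    private String token;  // null until the user has consented at least once
    static String enc(String s) { return URLEncoder.encode(s, StandardCharsets.UTF_8); }
    static String consentUrl(Purpose p, String clientId, String redirectUri) {
        return "https://accounts.google.com/o/oauth2/v2/auth?response_type=code"
                + "&client_id=" + enc(clientId) + "&redirect_uri=" + enc(redirectUri)
                + "&include_granted_scopes=true"  // incremental auth: keep earlier grants
                + "&scope=" + enc(p.scopes);
    }

    // Try the call first; start the consent flow only on an access failure, retry once.
    <T> T call(Purpose p, Function<String, String> consentFlow, Function<String, T> api) {
        try {
            if (token == null) throw new AccessDenied();
            return api.apply(token);
        } catch (AccessDenied e) {
            token = consentFlow.apply(
                    consentUrl(p, "CLIENT_ID_PLACEHOLDER", "http://127.0.0.1:3333/oauth-callback"));
            return api.apply(token);  // a second failure propagates to the caller
        }
    }

    public static void main(String[] args) {
        // Constructed stand-ins: the fake "token" is simply the scope list that was consented to.
        Function<String, String> consent = url -> URLDecoder.decode(
                url.substring(url.indexOf("&scope=") + 7), StandardCharsets.UTF_8);
        Function<String, String> read = t -> "import ok with: " + t;
        Function<String, String> write = t -> {
            if (!t.endsWith("/auth/spreadsheets")) throw new AccessDenied();
            return "export ok with: " + t;
        };
        ScopedGoogleAuth auth = new ScopedGoogleAuth();
        System.out.println(auth.call(Purpose.IMPORT, consent, read));   // consents to read-only
        System.out.println(auth.call(Purpose.EXPORT, consent, write));  // denied, then upgraded
    }
}
```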