docs: document required OAuth scopes and API token permissions per server #307
Description
No server README explains what OAuth scopes or API token permissions a user needs to use that server. The root README shows a screenshot of permissions for browser-rendering only, but doesn't generalize.
Each server's *.app.ts file defines required OAuth scopes (e.g. account-workers-scripts:read), but this information isn't surfaced to users anywhere. When a user creates an API token to use with these servers, they have no way to know which permissions to select.
Each server README should include a section listing the required permissions, both as OAuth scope names and as the corresponding dashboard API token permission labels.