events: trigger 'review_status_change' when reviewers are updated.
- small code refactoring
- extended commenting event with comment
- extended review_status_change event with new status
auth: add scope and login restrictions to rhodecode plugin, and scope restriction to token plugin.
- allows limiting the usage of builtin auth to HTTP only (so force usage of tokens)
- allows migration to something like saml keeping only super-admin for login.