Endpoints should respect M2M scopes when returning nested data

[maxceem]

At the moment we have some endpoints which return some nested data without respecting M2M scopes for nested objects.

• For example, we have endpoint GET /jobs which we call using M2M token with scopes read:taas-jobs or all:taas-jobs. But this endpoint returns not only Job objects but also Job Candidates objects inside. Though to get Job Candidates M2M token should have read:taas-jobCandidates or all:taas-jobCandidates scopes
• The same things for GET /taas-teams, GET /taas-teams/:id, GET /taas-teams/:id/jobs/:jobId

In general, we have to make sure, that ALL endpoints in TaaS API which return some nested object check that M2M token has scopes for getting these objects.