Introduce scope_types in os-admin-password

oslo.policy introduced the scope_type feature which can
control the access level at system-level and project-level.
 - https://docs.openstack.org/oslo.policy/latest/user/usage.html#setting-scope
 - http://specs.openstack.org/openstack/keystone-specs/specs/keystone/queens/system-scope.html

Appropriate scope_type for nova case:
- https://specs.openstack.org/openstack/nova-specs/specs/ussuri/approved/policy-defaults-refresh.html#scope

This commit introduce scope_type for os-admin-password API policies
as 'system' and 'project'.

Also adds the test case with scope_type enabled and verify we
pass and fail the policy check with expected context.

Partial implement blueprint policy-defaults-refresh

Change-Id: I859dca0acdd76fa385014bc96b2f24df522be4f4

nova/policies/admin_password.py

@@ -23,15 +23,16 @@ BASE_POLICY_NAME = 'os_compute_api:os-admin-password'
 
 admin_password_policies = [
     policy.DocumentedRuleDefault(
-        BASE_POLICY_NAME,
-        base.RULE_ADMIN_OR_OWNER,
-        "Change the administrative password for a server",
-        [
+        name=BASE_POLICY_NAME,
+        check_str=base.RULE_ADMIN_OR_OWNER,
+        description="Change the administrative password for a server",
+        operations=[
             {
                 'path': '/servers/{server_id}/action (changePassword)',
                 'method': 'POST'
             }
-        ])
+        ],
+        scope_types=['system', 'project'])
 ]