Add metadata recommendation and example for protected resource

[meghnadubey]

We should add protected resource metadata recommendation and examples/best practices for resource servers.
And particularly emphasize the value of up-to-date scopes_supported object in the .well-known/oauth-protected-resource response. This can then power the discovery of scopes for IdPs and requesting parties implementing id-jag.

[meghnadubey]

@aaronpk @mcguinness has there been any discussion on proposing id-jag related metadata for protected-resource and authorization-server well-known metadata endpoints.

[mcguinness]

I wouldn’t expect any new metadata on PRM. #34 (comment) is tracking the AS metadata gap for the Resource Authorization Server.