Device Authorization Flow not working with offline_access scope / refresh token

[Exotrom]

Describe the bug
When using the Device Authorization Flow, including the offline_access scope won't include a refresh_token in the token response.

To Reproduce
Steps to reproduce the behavior:

1. Init a device authorization flow while requesting the offline_access scope
2. Confirm the device code
3. Retrieve the token

Expected behavior
Token response contains a refresh_token

Version and Deployment (please complete the following information):

• authentik version: 2024.8.1
• Deployment: docker-compose

Additional context
I think, there is an error in the https://github.com/goauthentik/authentik/blame/main/authentik/providers/oauth2/views/token.py#L714
Current implementation requires the token request to contain the offline_access scope, however, I think it must be included in the initial device authorization request.

if SCOPE_OFFLINE_ACCESS in self.params.scope

vs.

if SCOPE_OFFLINE_ACCESS in self.params.device_code.scope