This change is being backported because it provides a helper method in
the unit tests that another change relies on.
If a user has a role assignment on the system, which implies another
role assignment, the system-scoped token response should include
both role assignments.
This patch exposes a bug in the system-scoped token implementation
where implied roles aren't expanded out before returning the
token response to the user.
(cherry picked from commit 6d7cfdb4ba5b8ce81d656dd22316505af6d382b8)
(cherry picked from commit 1403a9645d3dca20a681e0ffee3f5ac3a36fe0c6)