How should I properly to grant a Premium App service account read access to /api/v2/recordings without assigning the full Admin role? The Genesys Docs imply standard scopes are sufficient, yet our integration consistently fails with 403 Forbidden when attempting to fetch recording metadata for audit logs.