Going through this document, metascopes is basically governing for what APIs your user is having access to and credential should be valid for those APIs only i.e. AEM Cloud APIs. There are various metascopes for different APIs mentioned in above document i.e. Adobe I/O, Adobe Experience Cloud etc , even though it does not specially mentions ent_aem_cloud_api. I hope it clarifies.