Determine which TUF root to show based on actual access, not requested

access

util/secscan/api.py

@@ -105,7 +105,7 @@ class SecurityScannerAPI(object):
 
       # Generate the JWT which will authorize this
       audience = self._app.config['SERVER_HOSTNAME']
-      context, subject = build_context_and_subject(None, None, None)
+      context, subject = build_context_and_subject(None, None, None, None)
       access = [{
         'type': 'repository',
         'name': repository_and_namespace,