Scopes let you control what services / APIs can be called from DEFAULT service accounts. Only Default SAs get to be defined by scopes (since their default scope can be excessive).

Custom Service accounts can not be limited via scopes - you need to use Cloud IAM to grant granular access to custom service accounts.