Technically none.
The users API requires no scopes and no Token at all
It is suggested you use an App Access Token
To get the higher rate limit of 800, but since you already have a Bot User Access Token, that token will suffice to get the higher rate limit and future proof you ready for
But the users API lets you look up 100 users in a single request.