I looked into why exactly wiki.js needs the guilds permission from Discord, and while it's a valid use case, and in the source it shows it's only used for if you want to restrict registering for members of a specific guild and then discards it, it still feels like a bit much for this.

With a small change to that authentication.js file, specifically here, the scope can be changed to only username and email.