Allow personal access to be scoped
Related to OAuth token scopes: #13951 (closed)
- Personal access tokens are being implemented in !3749 (merged)
- As of right now (in that MR), personal access tokens are unscoped, which gives them too much access
- A few details on implementation: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/3749#note_12210651