[maven] Access token with full access only
When you have a private Maven Repository project (Packages) you need to use Access Tokens.
- One with full (read/write) access scope, so authors of a library can publish artefacts.
- Another with read-only access scope, so all consumers can add artefacts to dependencies (read).
Currently Packages (maven artefacts) access is ruled by
api scope. And it's read and write.
Grants complete read/write access to the API, including all groups and projects.
Maybe Packages should be affected by
read_repository scope, which may be set to 'read-only'.
Or explicit scope should be added.