Scoped API OAuth and Access Token Authorization

Problem to solve

Allow developers and companies to build applications that hit the GitLab API without seeing every single group/project. Right now the only way to develop any helper scripts or apps that need to download from or interact with GitLab is with an overly broad scope, which is a security nightmare. API access should be restrictable to a user's account, a group, or even just select repositories.

Intended users

Companies that are on GitLab.com and allow developers to use private GitLab accounts to work in company groups. Developers who are security-conscious and don't want to build applications that interact with GitLab with more permissions than required.

Further details

The main benefit is reduced security risk for developers and companies integrating with the GitLab API.

Proposal

Permissions and Security

Documentation

Testing

What does success look like, and how can we measure that?

Links / references

Related Issue that would solve a little of this: #59336 (moved)

Original place I submitted this issue: gitlab-org/gitlab-ce#67006