Allow a read_user token to access instance version API
To access the /version API endpoint, we currently require the full api access token scope, but because we surface this information on /help to any authenticated user, I think we can lower the requirements to the read_user scope, despite being a bit of a misnomer.
We have a use case for this in the QA project, where we need to know the version running on staging.gitlab.com, and it would be more secure if the access token we stored as a secret variable only had the minimal permissions.
cc @DouweM