Allow `read_package_registry` scope for pipeline permissions
Problem to solve
Pipelines currently use the security access of the user running the pipeline (via their personal access token or PAT) but hard-coded limitations prevent destructive actions such as writing to the repository, writing to the registry, access to the API, and so on, even if the PAT was granted these "scopes".
There needs to be a way for project administrators to grant these scopes to a "resource" (such as a project or group) to allow pipelines to perform these actions, while ensuring the pipeline permissions never exceeds the permissions of the user running the pipeline.
Intended users
User experience goal
Proposal
Enable a project administrator to grant read_package_registry
scope for pipeline permissions.