[maven] Access token with full access only

When you have a private Maven Repository project (Packages) you need to use Access Tokens.

1. One with full (read/write) access scope, so authors of a library can publish artefacts.
2. Another with read-only access scope, so all consumers can add artefacts to dependencies (read).

Currently Packages (maven artefacts) access is ruled by api scope. And it's read and write.

Grants complete read/write access to the API, including all groups and projects.

Maybe Packages should be affected by read_repository scope, which may be set to 'read-only'. Or explicit scope should be added.