Project-level deploy tokens fail on Maven project endpoint

This is very similar to #235822 (closed) but applies to project-level token and endpoint.

Summary

Using a project-level deploy token to interact with the project-level Maven registry results in a 403.

Steps to reproduce

  1. Ensure you have a private project that contains Maven packages
  2. Create a project-level deploy token with the read_package_registry scope
  3. Attempt to interact with the Maven registry using the deploy token as the authentication method. A sample curl request can be seen below:

     curl -H "Deploy-Token: <token>" \
       https://gitlab.com/api/v4/projects/<project_id>/packages/maven/<my/package/0.1.0-SNAPSHOT/my-package.pom>

Please update the above request to fit your specific token, project, and package. This could also be tested by using the available package as a dependency in another Maven project.

What is the current bug behavior?

Using the project-level deploy token results in a 403 when attempting to interact with the project-level package registry. Switching the same request to use a Personal Access Token instead works as intended.

GitLab's response to the above curl request is:

{"message":"403 Forbidden"}

What is the expected correct behavior?

A project-level deploy token with properly scoped permissions should successfully interact with the project-level package registry.

Output of checks

This bug happens on GitLab.com.

Workaround

Users can work around the issue by using a Personal Access Token.

Edited by Ricardo Mendes
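
The second reproduction path mentioned above (consuming the package as a dependency from another Maven project) depends on how Maven sends the token. The following settings.xml is an added example, not part of the original issue: it shows the deploy-token configuration that hits the 403 beside the Personal Access Token workaround. The server ids and the token placeholders are assumptions; <project_id> is the same placeholder used in the curl request.

```xml
<!-- ~/.m2/settings.xml (added example; server ids and token values are placeholders) -->
<settings>
  <servers>
    <!-- Reproduces the issue: Maven sends "Deploy-Token: <token>", the same
         header as the curl request, and the project endpoint answers 403. -->
    <server>
      <id>gitlab-maven-deploy-token</id>
      <configuration>
        <httpHeaders>
          <property>
            <name>Deploy-Token</name>
            <value>REPLACE_WITH_DEPLOY_TOKEN</value>
          </property>
        </httpHeaders>
      </configuration>
    </server>

    <!-- Workaround from the issue: authenticate with a Personal Access Token,
         which GitLab reads from the Private-Token header. -->
    <server>
      <id>gitlab-maven-pat</id>
      <configuration>
        <httpHeaders>
          <property>
            <name>Private-Token</name>
            <value>REPLACE_WITH_PERSONAL_ACCESS_TOKEN</value>
          </property>
        </httpHeaders>
      </configuration>
    </server>
  </servers>
</settings>

<!-- In the consuming project's pom.xml, the repository id selects which
     server entry (and therefore which header) Maven uses:

     <repositories>
       <repository>
         <id>gitlab-maven-pat</id>
         <url>https://gitlab.com/api/v4/projects/<project_id>/packages/maven</url>
       </repository>
     </repositories>
-->
```

A Personal Access Token is tied to a user and typically carries broader access than a deploy token limited to read_package_registry, so keep it out of version control and supply it from the build environment until deploy tokens work on this endpoint.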