CI/CD token settings API response not reflecting true settings
Proposal
Using the new "limit access to this project" settings for CI job token, the allowlist API endpoint "GET /projects/:id/job_token_scope/allowlist" still returns the allowlist even if the "Limit access to this project" feature is disabled.
As the allowlist isn't really relevant if the feature is disabled, I suggest it should return some indication that all projects have access to this project, regarding the alllowlist.
Also, the if the feature is disabled (AKA, all projects potentially have access to this project), the "GET /projects/:id/job_token_scope" endpoint returns "{"inbound_enabled":false," as if there is no inbound access allowed, but actually all access is allowed.