Move Project Access Tokens to the free tier
While I understand the gitlab reasoning of having certain features behind the payed tier, security should not be one of them. The Project Access Token may offer enterprise-like features, more importantly however, it also helps to reduce attack surface.
People will not think 'oh, I cannot use this feature of gitlab because I do not pay for it.', instead they will come up with work-arounds, like using group or personal access tokens instead. Since we lack fine-grained control of tokens (there's epics and issues surrounding that), worst case, a users token, granted full API access to everything the user has access to, which crosses projects, could get leaked. While this would still be true with a project token, the scope would already significantly reduced, to only that single project.
Ideally, we'd have CI_JOB_TOKENS with fine grained control; which would remove this security nightmare.