Create MVC for fine grained access controls of tokens
Following the discussion in #368904 (comment 1853980529), this issue is to solve the first iteration of fine grained access controls of tokens.
Expected outcome
Merge !101699 (closed) with:
- being able to view which scopes a token has after its been created
- behind a disabled feature flag