[BE] Config: New graphql query to surface all permissions, resources and boundaries needed for fine-grained PATs creation

We need a query to fetch all available fine-grained PAT permissions so that they can be shown to the user as selectable permissions in the UI. Refer to this permissions spreadsheet.

Proposed query:

query {
  personalAccessTokenPermissions {
    category
    resource
    value
    type
    boundaries
}

Example response:

{
  personalAccessTokenPermissions: [
    {
      category: 'Administration',
      resource: 'Access Tokens',
      value: 'READ_ACCESS_TOKENS',
      type: 'READ',
      boundaries: ['PROJECT', 'GROUP']
    },
    {
      category: 'Tokens',
      resource: 'User Tokens',
      value: 'ADMIN_USER_TOKENS',
      type: 'ADMIN',
      boundaries: ['USER']
    },
  ]
}

Field name	Possible values	Description
`category`	Category name	Category of the permission
`resource`	Resource name	Resource name of the permission
`value`	Value enum	Value name of the permission
`type`	`READ`, `CREATE`, `UPDATE`, `DESTROY`, `ADMIN`	Verb for what the permission does. Only one value.
`boundaries`	`USER`, `PROJECT`, `GROUP`, `ADMIN`	Which boundaries the permission applies to. Can be multiple values.

Please do not page this collection with a connection, it should return the entire list in one query.

Edited Oct 19, 2025 by 🤖 GitLab Bot 🤖