Following adding support to limit personal access tokens to a specific project https://gitlab.com/gitlab-org/gitlab-ce/issues/20993 we should add support for limiting them to groups too. ### Proposal Add the ability to limit API access by personal access tokens to specific groups when creating a token. * In `/profile/personal_access_tokens`, allow a user to optionally specify which groups should be accessible when creating a PAT. A user should still be able to create a PAT scoped for all projects/groups. * A user should be able to specify a single group or multiple groups. * The list of active Personal Access Tokens presented on this page should reflect the scope of the token (e.g. if applicable, the projects the PAT is scoped to). * A user should be able to revoke from the list, as they're currently able. * This functionality will be used to build [Group Level Access tokens](https://gitlab.com/gitlab-org/gitlab/-/issues/214046). * We also plan to use this functionality to build a Group-specific [Credential Inventory](https://docs.gitlab.com/ee/user/admin_area/credentials_inventory.html#credentials-inventory-ultimate-only) for Gitlab.com. A group administrator can remove their group from the scope of a users' PAT.