There are a number of tokens in GitLab that are used for programmatic access - we should unify these into a single token that we extend for additional uses instead of creating new tokens to manage in the application. Unifying tokens will require rich scoping. We should also introduce the ability to control blast radius and restrict a token to a specific space of projects or groups. As a result, we'll be able to offer instances tight control over programmatic access into the application and serve these needs with a single token/experience.