Service Accounts - MVC
## Purpose
The purpose of this issue is to discuss and come up with an MVC for Service Accounts
(Who can create one, where, and at what level)
## Minimum Requirements
- Created at the Top group level for SaaS and instance level for Self-managed
* instead of hiding the underlying user, we could list them (maybe on a new `Service Accounts` tab on the membership page).
* access level should be configurable instead of being `maintainers`
* service account and tokens should be somewhat independent. Eg. unlike `Project Access Tokens`, deleting the token should not delete the service account. Of course, deleting a service account should delete all associated tokens.
* allow the creation of multiple service accounts
* allow the creation of multiple `PersonalAccesTokens` per service account
* add more and more token types
epic