zerotier / ZeroTierOne

A Smart Ethernet Switch for Earth
https://zerotier.com

[Feature Request] Support scopes and network limitations for API tokens #2319

Open arbales opened 3 months ago

arbales commented 3 months ago

It'd be useful for ZeroTier to support multiple scopes, so that services like zeronsd can have the read-only access required to run, but not make other changes to one's network(s). Read-only and per-network access would both be useful places to start.

janjaapbos commented 3 months ago

I have not checked, but I assume API tokens are created for a specific user account. You can set those rights on a user account.

arbales commented 3 months ago

Yes, but they are read-write and apply to all networks. Read-only and network-scoped keys seem like a straightforward ask, and a table-stakes security feature for a product like ZeroTier.