Add management of Token Scoping Policies in the interface

[npestana]

It would be great to manage the policies in the web app. It's annoying to create a temporary token in the interface to use the API every time.
Having a permanent admin token weakens the multi-factor authentication, since we are adding a single-factor authentication possibility.

[peterthomassen]

This is a great proposal!

Unfortunately, it's more complex than it might seem: starting with a configuration modal for a given token, one would have to retrieve all currently defined policies for the token (if any) and then also integrate the domain list (at least if the domain scoping selection field should be a drop-down or auto-complete). Note that the domain list requires pagination if a certain number of domains is exceeded.

We currently don't have time to work on this, but we'd be happy to accept a PR.

Having a permanent admin token weakens the multi-factor authentication, since we are adding a single-factor authentication possibility.

Well, yeah, you shouldn't keep it around needlessly long.

Unfortunately, implementation of this feature is quite some effort. (We are more experienced in backend coding, which translates to more effort than normal for GUI works.)