[Feature] Security improvement when using OAuth Application Tokens (CI, Drone, etc).

[gnat]

Currently, CI systems and apps integrate with Gitea using "full access" OAuth Application / Access Tokens.

Unfortunately this is a security issue as the tokens have full access to every repository- this has fairly serious implications if any app using these tokens is compromised.

To keep things simple, I propose an easy way to add access control:

• New checkbox setting on each repository, whether or not it's accessible to OAuth Applications.

This has a nice side effect of cleaning up repositories from the build list when using automated CI systems such as Drone.

Thanks!

[gnat]

Also I believe this has been proposed years ago in the past (granular access controls for OAuth Access Tokens, read/write, etc.), but proposals have looked super complicated to the point where I fear we may never see this feature. The above would get us there for the vast majority of gitea users with less effort, be easy to document and use.

[a1012112796]

releated to #4300