Refine App Password scope for fetching data via API



      Issue Summary

      Modify the current requirement for the repository:admin/project:admin scope when fetching data (for example branch restrictions) using the API to use repository:read/project:read instead.

      Expected Results

      For a GET call such as fetching branch restrictions, it is more intuitive and in line with the principle of least privilege to require only the repository:read scope. This scope should be sufficient to read the branch restrictions without granting full admin permissions. The same applies to API calls which require the project:admin permission, for example "List explicit group permissions for a project".

      Actual Results

      When users try to fetch branch restrictions using the API, the app password necessitates the repository:admin scope or the project:admin scope.

            Assignee:
            Unassigned
            Reporter:
            Norbert Csupka (Inactive)
            Votes:
            5
            Watchers:
            5

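As an added illustration of the scope model the issue argues about (this is example code written for this page, not Bitbucket's authorization code and not something the reporter posted), the following models an app-password scope check and derives the least-privilege policy the issue requests from the reported one. Scope names follow the issue text (repository:read / repository:admin, project:read / project:admin); the implication hierarchy, the route strings and both policy tables are assumptions made for the example. Unknown method/route pairs fail closed, and `excess_scope` reports what a token holds beyond what the call needs, which is the over-provisioning the reporter objects to.

```python
"""Least-privilege scope check for app-password API calls.

Added illustration for this issue; it is not Bitbucket's authorization code.
Scope names follow the issue text (repository:read / repository:admin,
project:read / project:admin). The implication hierarchy, the route strings
and both policy tables are assumptions made for the example.
"""

# Assumed hierarchy: holding a scope implies every scope listed for it.
SCOPE_IMPLIES = {
    "repository:admin": {"repository:admin", "repository:write", "repository:read"},
    "repository:write": {"repository:write", "repository:read"},
    "repository:read": {"repository:read"},
    "project:admin": {"project:admin", "project:read"},
    "project:read": {"project:read"},
}

# Illustrative (assumed) routes for the two calls named in the issue.
BRANCH_RESTRICTIONS = "/repositories/{workspace}/{repo}/branch-restrictions"
PROJECT_GROUP_PERMS = "/workspaces/{workspace}/projects/{key}/permissions-config/groups"

# Policy as the issue describes the current behaviour: read calls gated on admin.
CURRENT_POLICY = {
    ("GET", BRANCH_RESTRICTIONS): "repository:admin",
    ("POST", BRANCH_RESTRICTIONS): "repository:admin",
    ("GET", PROJECT_GROUP_PERMS): "project:admin",
}

SAFE_METHODS = {"GET", "HEAD"}


def least_privilege_policy(policy):
    """Derive the policy the issue asks for: safe (read-only) methods need only
    the read scope of the same resource; mutating methods keep their scope."""
    derived = {}
    for (method, route), scope in policy.items():
        resource = scope.split(":", 1)[0]
        derived[(method, route)] = f"{resource}:read" if method in SAFE_METHODS else scope
    return derived


PROPOSED_POLICY = least_privilege_policy(CURRENT_POLICY)


def effective_scopes(granted):
    """Expand the scopes on a token through the implication hierarchy."""
    effective = set()
    for scope in granted:
        effective |= SCOPE_IMPLIES.get(scope, {scope})
    return effective


def authorize(policy, granted, method, route):
    """Return (allowed, required_scope). Unknown method/route pairs fail closed."""
    required = policy.get((method, route))
    if required is None:
        return False, None
    return required in effective_scopes(granted), required


def excess_scope(policy, granted, method, route):
    """Scopes the token holds beyond the one the call needs under `policy`.
    A non-empty result is the over-provisioning the issue complains about."""
    _, required = authorize(policy, granted, method, route)
    if required is None:
        return set()
    return effective_scopes(granted) - SCOPE_IMPLIES[required]


if __name__ == "__main__":
    read_only = ["repository:read"]
    admin = ["repository:admin"]
    # Reported behaviour: a read-only token cannot even list branch restrictions.
    print(authorize(CURRENT_POLICY, read_only, "GET", BRANCH_RESTRICTIONS))   # (False, 'repository:admin')
    # Requested behaviour: read scope suffices for the GET, admin still needed to change them.
    print(authorize(PROPOSED_POLICY, read_only, "GET", BRANCH_RESTRICTIONS))  # (True, 'repository:read')
    print(authorize(PROPOSED_POLICY, read_only, "POST", BRANCH_RESTRICTIONS)) # (False, 'repository:admin')
    # What an admin-scoped token carries beyond what the read call needs.
    print(sorted(excess_scope(PROPOSED_POLICY, admin, "GET", BRANCH_RESTRICTIONS)))
```

The point of `least_privilege_policy` is that the required scope is derived from the HTTP method, so a read endpoint can never be accidentally gated on a mutating scope; the fail-closed branch in `authorize` means adding a new route without a policy entry denies rather than silently allows.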