Limit API keys to single SP's

[phavekes]

See CXT-84026

It is useful to scope API key's to a single application, eg when a application is hosted or operated by a 3rd party.

[oharsta]

@phavekes Is this not already covered by personal user API tokens?

[phavekes]

This is the institution admin generating a token that can preform all actions (on roles and invitations) but limited to a single application.

[phavekes]

Or is this an application-admin question?