
Finer grained permission for writing commit status #32625

@ascandella

Description


Feature Description

Currently, to generate a token that can create commit statuses via the API, it must have write:repository. This is less than ideal from a security perspective, where I'd like to give a token to some automation tools that can write commit statuses but not write to the repository.

An example of this is a deployment system. I use ArgoCD with my Gitea instance and I have the notifications controller set up to send commit statuses when applications are synced successfully or with an error. In this context I don't want to have a token anywhere that can write to my repository.

Proposal: create new permissions for commit statuses (read, and read+write) and update the API to only require commit status privileges to read/write commit statuses. Additionally, for backwards compatibility and sanity, leave the repository permission as sufficient for commit statuses as well.

If this idea is acceptable, I'd be happy to implement it myself.

Screenshots

No response
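The permission model the proposal describes can be stated as a small scope check. The following is an added illustration written for this page, not Gitea's own code; it assumes a scope named "commit_status" alongside Gitea's existing "repository" scope, and the `ParseScopes`/`Allows` names are invented here. It encodes the two rules from the proposal: a commit-status scope grants nothing on the repository itself, while a repository scope still covers commit statuses for backwards compatibility.

```go
package main

import (
	"fmt"
	"strings"
)

// Action is what a request wants to do; Resource is what it acts on.
type Action string
type Resource string

const (
	Read  Action = "read"
	Write Action = "write"

	// Repository is Gitea's existing scope category (read:repository / write:repository).
	Repository Resource = "repository"
	// CommitStatus is the narrower scope from the proposal; the name is an assumption.
	CommitStatus Resource = "commit_status"
)

// Scope is one parsed token scope such as "write:commit_status".
type Scope struct {
	Action   Action
	Resource Resource
}

// ParseScopes turns a comma-separated scope list into structured scopes and
// rejects anything unrecognised, so a typo can never silently widen access.
func ParseScopes(list string) ([]Scope, error) {
	var out []Scope
	for _, raw := range strings.Split(list, ",") {
		raw = strings.TrimSpace(raw)
		if raw == "" {
			continue
		}
		parts := strings.SplitN(raw, ":", 2)
		if len(parts) != 2 {
			return nil, fmt.Errorf("malformed scope %q", raw)
		}
		s := Scope{Action: Action(parts[0]), Resource: Resource(parts[1])}
		if (s.Action != Read && s.Action != Write) ||
			(s.Resource != Repository && s.Resource != CommitStatus) {
			return nil, fmt.Errorf("unknown scope %q", raw)
		}
		out = append(out, s)
	}
	return out, nil
}

// satisfies reports whether one granted scope covers the requested action on
// the requested resource.
func satisfies(granted Scope, want Action, on Resource) bool {
	// write implies read on the same resource.
	actionOK := granted.Action == want || (granted.Action == Write && want == Read)
	if !actionOK {
		return false
	}
	if granted.Resource == on {
		return true
	}
	// Backwards compatibility rule from the proposal: a repository scope still
	// covers commit statuses, but a commit-status scope never covers the repository.
	return granted.Resource == Repository && on == CommitStatus
}

// Allows is the check an API handler would run before acting on a request.
func Allows(scopes []Scope, want Action, on Resource) bool {
	for _, s := range scopes {
		if satisfies(s, want, on) {
			return true
		}
	}
	return false
}

func main() {
	// Constructed token for a deployment notifier: commit statuses only.
	deployer, _ := ParseScopes("write:commit_status")
	fmt.Println("deployer can set status:", Allows(deployer, Write, CommitStatus)) // true
	fmt.Println("deployer can push:", Allows(deployer, Write, Repository))         // false

	// Constructed legacy token with the broad scope the issue wants to avoid handing out.
	legacy, _ := ParseScopes("write:repository")
	fmt.Println("legacy token can set status:", Allows(legacy, Write, CommitStatus)) // true
}
```

The point of the asymmetry in `satisfies` is that the narrow token used by a notifier such as the ArgoCD setup above can be leaked or misused without granting any ability to alter repository contents, while existing tokens keep working unchanged.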

Metadata

Labels: proposal/accepted (We have reviewed the proposal and agree that it should be implemented like that/at all), type/proposal (The new feature has not been accepted yet but needs to be discussed first).
