Reevaluate permissions needed by Gitpod app

Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.

• Close this issue

Description

Currently, it looks like the Gitpod app requires access to the full user API which seems excessive 🤔

This opens up a security attack vector for compromising users and could even be a deterrent for user adoption. Let's evaluate what permissions are actually needed by Gitpod. Maybe GitLab needs to expose some permissions in a more granular way?