Created by Guest
Created on Sep 18, 2024

More granular API / OAuth token scopes

At present, Front API/OAuth tokens have very wide permissions, such as the "Shared Resources" token scope allowing read+write access to all shared resources.

To help improve security, it would be great to support more granular scopes such as read/write per resource type both on API tokens and tokens granted via OAuth.
For example, scopes could be:

  • conversations.read // Allows reading conversations/messages

  • conversation.write // Required for sending messages

  • contacts.read // Allows fetching/listing contacts

  • contacts.write // Allows creating/updating/deleting contacts

  • etc ...


There are plenty of cases where we might want to grant an integration partner access to some Front data, but not everything; such as a CRM sync tool getting only permission to access Contacts + Accounts + Custom Fields, but no Conversation or Teammate data.
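To make the proposed model concrete, here is an added example (not Front's code or API; resource names, the method-to-read/write mapping and the token layout are assumptions) of how an API gateway could derive the scope an endpoint needs and check a token holding only the CRM-sync permissions described above:

```python
# Added illustration of per-resource read/write scopes. Hypothetical code,
# not Front's API; resource names and the path layout are assumed examples.
from dataclasses import dataclass, field

# Assumption: these HTTP methods need the ".write" half of a scope,
# every other method only needs ".read".
_WRITE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}


@dataclass(frozen=True)
class Token:
    """An API/OAuth token carrying the set of scopes it was granted."""
    scopes: frozenset = field(default_factory=frozenset)


def required_scope(method: str, path: str) -> str:
    """Derive the scope an endpoint needs from its method and resource type.

    The first path segment names the resource type (e.g. /contacts/123 ->
    contacts); nested paths such as /conversations/abc/messages are governed
    by the scope of the top-level resource they belong to.
    """
    segments = [s for s in path.split("/") if s]
    if not segments:
        raise ValueError("path must name a resource")
    action = "write" if method.upper() in _WRITE_METHODS else "read"
    return f"{segments[0]}.{action}"


def is_authorized(token: Token, method: str, path: str) -> bool:
    """Allow the call only if the token holds the exact scope the endpoint needs.

    Write scope does not imply read scope: each must be granted explicitly,
    so an integration gets no more than it was given.
    """
    return required_scope(method, path) in token.scopes


# Constructed example: a CRM sync integration limited to contacts, accounts
# and custom fields, with no conversation or teammate access.
CRM_SYNC_TOKEN = Token(frozenset({
    "contacts.read", "contacts.write",
    "accounts.read", "accounts.write",
    "custom_fields.read",
}))

if __name__ == "__main__":
    for method, path in [("GET", "/contacts"), ("PATCH", "/contacts/123"),
                         ("GET", "/conversations"), ("GET", "/teammates")]:
        print(method, path, "->", required_scope(method, path),
              "allowed" if is_authorized(CRM_SYNC_TOKEN, method, path) else "denied")
```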
