This repository was archived by the owner on May 1, 2024. It is now read-only.
Having a number of packages for which I wish to have expiring granular access tokens, I find myself struggling to go through a rotation quickly and efficiently, in such a way that I am not discouraged from just setting the expiration to years, leading to bad secret practices.
My goal is to have 1 granular access token per package which expires in <as short as I'm willing to repeat the rotation process> and has the GitHub Actions CIDR addresses (from which I publish using provenance).
This is currently absolutely impossible to set up for even a single package because of how clunky the IP ranges UI is.
Here are my suggestions to make the UI and UX better.
- Have a refresh action button in the UI
  - this button takes all attributes of the existing token and pre-sets them in the create view
- Put two more date ranges in the UI: 6 months and 1 year. Given how unfriendly the process is, I'm unwilling to repeat this process any more frequently than 1 year.
- Improve the IP ranges UI: make it a textarea element where each line is an additional range
- Better IP ranges integration with known CI services: allow me to select a CI product to tie the range to. It shouldn't be impossible for npm to sync the ranges with e.g. GitHub's ranges from the API GitHub provides, so that I can just select GitHub Actions and know the token's only usable from there for the token's duration.
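As an added illustration of the last two suggestions (not part of the original post or of npm's code): the script below takes a document shaped like GitHub's `/meta` API response, pulls the `actions` CIDRs out of it, drops malformed entries, collapses duplicates, and prints them one per line for a textarea-style allowlist; a second function checks whether a given publisher IP actually falls inside the resulting allowlist. The JSON and all CIDR values are constructed sample data, not GitHub's real ranges.

```python
import ipaddress
import json

# Constructed sample in the shape of GitHub's https://api.github.com/meta
# response; only the "actions" key is used here. Values are made up and
# include a duplicate and a malformed entry on purpose.
SAMPLE_META = json.dumps({
    "actions": [
        "4.148.0.0/16",
        "13.64.0.0/16",
        "13.64.0.0/16",          # duplicate
        "20.33.0.0/16",
        "2603:1030:f:3::/64",
        "not-a-cidr",            # malformed
    ]
})


def actions_ranges(meta_json: str) -> list[str]:
    """Return the GitHub Actions CIDRs from a /meta-shaped document,
    with malformed entries dropped and duplicates/overlaps collapsed,
    ready to paste one per line into an IP allowlist field."""
    raw = json.loads(meta_json).get("actions", [])
    nets = []
    for entry in raw:
        try:
            nets.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            continue  # never silently allowlist garbage input
    # collapse_addresses requires a single IP version per call
    v4 = ipaddress.collapse_addresses(n for n in nets if n.version == 4)
    v6 = ipaddress.collapse_addresses(n for n in nets if n.version == 6)
    return [str(n) for n in list(v4) + list(v6)]


def is_allowlisted(ip: str, ranges: list[str]) -> bool:
    """True if `ip` lies inside any CIDR in `ranges` (the check a
    token-scoped allowlist has to make on each publish)."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(r) for r in ranges)


if __name__ == "__main__":
    ranges = actions_ranges(SAMPLE_META)
    print("\n".join(ranges))                       # textarea-ready list
    print(is_allowlisted("13.64.10.20", ranges))   # inside sample range
    print(is_allowlisted("198.51.100.7", ranges))  # outside, should be False
```

Against the live endpoint you would replace `SAMPLE_META` with the fetched response body; the `actions` list there is long and changes over time, which is exactly why the post asks npm to sync it rather than have users paste it by hand.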