It would be great to have more granular control over API key permissions, especially the ability to create read-only access keys.