Self-service token management

Arthexis now includes a self-service flow for operator-managed service tokens in Django admin so integrations can stay connected through the suite instead of external side systems.

Roles and authorization

Use Django permissions to grant token lifecycle responsibilities:

• apis.manage_service_tokens: create/request, revoke, and rotate scoped tokens.
• apis.reveal_service_token_secret: reveal newly created or rotated secrets one time.

Recommended role split:

• Operators receive both permissions for day-to-day integration credential workflows.
• Auditors receive read-only admin access to Service Token and Service Token Event models.