docs: clarify token privilege scoping

[Aamod007]

Description

This PR resolves Issue #378 by explicitly clarifying how API authentication tokens handle privileges in Layer5.

Changes Made

• Added a new \Privilege Scoping\ section to \content/en/cloud/concepts/identity-and-security/tokens.md.
• Clarified that tokens are identity-scoped, meaning they inherently carry the exact same privileges, roles, and permissions as the user account that generated them.
• Specified that fine-grained, token-specific privilege scopes (like strictly read-only tokens) are not currently supported, ensuring users understand that the token grants the bearer the same level of access as the generating user across all environments.

ScreenShot

Closes #378

[gemini-code-assist]

Code Review

This pull request adds a new 'Privilege Scoping' section to the Layer5 Cloud tokens documentation to clarify that API tokens are identity-scoped. The review feedback suggests updating this new section to use the second-person perspective ('you', 'your') to maintain consistency with the rest of the document, and provides a code suggestion to resolve this.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

[Aamod007]

@leecalcote @sudhanshutech @Bhumikagarggg , could you please take a look and review it when you have a chance?

[github-actions]

🚀 Preview deployment: https://docs.layer5.io/pr-preview/pr-1101/

Note: Preview may take a moment (GitHub Pages deployment in progress). Please wait and refresh. Track deployment here