While the new custom scopes (e.g. that can access for one token for just k8s changes, and another for loadbalancers), it is missing the option to additionally restrict it to different projects.
For instance, if I have two different projects on my account (e.g. a prod and dev version, or just two completely separate products) - I want to be able to limit access of the API tokens not just to the features (e.g. k8s, or loadbalancers) but also which project it can effect. That way if one of the projects is compromised, the other one can not be impacted.