I think this provides a better separation. Tokens and the policy
editor don't belong on a page for managing users, since they are
not users. Tokens are tied to both an account and a project,
so it is reasonable to store them on a project-specific page. Add
text to that page to explain how personal access tokens work.
d4ce9e078c