How can I limit the Oauth2 scope when logging in with my user principal using (non service account):
gcloud auth login
Background: I created a Gsuite Takeout, got the Takeout Bucket. Now I want to download all the files, but I want to give gcloud read-only permissions to Google Storage. Creating a service account with limited scope seems not to work, since a Takeout Bucket seems somehow "special" - any more details on that?