  1. Connectivity Link
  2. CONNLINK-610

Secrets-based API Key Provisioning and Management

    • Story
    • Resolution: Unresolved
    • 1.3.0
    • Sprint 26

      As an Application Developer, I need to request API keys for published API Products and manage my active keys, so that I can authenticate my applications to consume APIs with appropriate rate limits based on my selected plan tier.

       

      Acceptance Criteria

       - Application Developers can browse available API Products and request access by selecting a plan tier
       - Developers can view their pending, approved, and rejected API key requests
       - Developers receive API keys (Kubernetes secrets initially, other tokens in subsequent releases) after approval and can view them in the portal
       - Developers can delete their own API keys to revoke access
       - API Owners can view an approval queue of pending requests across all their API Products
       - API Owners can approve or reject API key requests with optional comments
       - Automatic approval workflow is supported for API Products configured with automatic mode
       - API keys are properly annotated with plan tier information for rate limiting enforcement
       - The system enforces RBAC permissions (developers can only manage their own keys, owners can manage all keys for their APIs)

       

      Out of Scope

      OAuth/OIDC tokens investigation - future consideration. We will however investigate this during this initial phase, in this issue: https://github.com/Kuadrant/kuadrant-backstage-plugin/issues/34

              jmadigan@redhat.com Jason Madigan