It would be very useful to be able to configure API tokens (and their access rights) for a job (including Folders).

It's a common situation where your security realm (LDAP, AD, etc.) is not managed by the same people who manage Jenkins. Therefore "service" users cannot be created in order to e.g. grant read access to job status/artifacts. It's also not possible to generate tokens for yourself that grant less access that you have.