Seperate API key authorization from user authorization

I have a script that needs read-only API access to LibreNMS. Because none of our users are read-only, I need to add a new user. Because our authentication is AD, this means I have to add a user to AD to get them to show in LibreNMS despite the fact they will never authenticate through AD. I can (and did) use the CLI to force in a MySQL user which works just fine because only the key is ever used. The script isn’t a real person obviously and the need to attach them to a full account seems a bit overkill. How about letting us just create API keys and attach an authorization profile to the key (like read-only)? This would be much simpler.