Instead of giving them read only credentials let’s spin up a server that wraps the cli and only has read only credentials…

Seems pretty roundabout.