use non-admin token for sonarQube (#8731)

Author: jbsmith7741

backend/plugins/sonarqube/api/blueprint_v200.go

@@ -131,7 +131,8 @@ func GetApiProject(
 	}
 	query := url.Values{}
 	query.Set("q", projectKey)
-	res, err := apiClient.Get("projects/search", query, nil)
+	// Use components/search_projects for consistency and normal-token (Browse) support.
+	res, err := apiClient.Get("components/search_projects", query, nil)
 	if err != nil {
 		return nil, err
 	}

backend/plugins/sonarqube/api/remote_api.go

@@ -48,7 +48,8 @@ func querySonarqubeProjects(
 	if page.Page == 0 {
 		page.Page = 1
 	}
-	res, err := apiClient.Get("projects/search", url.Values{
+	// Use components/search_projects so non-admin (Browse) tokens can list projects.
+	res, err := apiClient.Get("components/search_projects", url.Values{
 		"p":  {fmt.Sprintf("%v", page.Page)},
 		"ps": {fmt.Sprintf("%v", page.PageSize)},
 		"q":  {keyword},

config-ui/src/plugins/register/sonarqube/config.tsx

@@ -55,7 +55,11 @@ export const SonarQubeConfig: IPluginConfig = {
           setErrors={setErrors}
         />
       ),
-      'token',
+      {
+        key: 'token',
+        subLabel:
+          'A token with Browse permission on the projects you want is sufficient for listing projects and collecting issues, hotspots, and file metrics. Listing Accounts (users) may require a system admin token on some SonarQube instances.',
+      },
       'proxy',
       {
         key: 'rateLimitPerHour',