Update restricted API key permissions required
The documenetation does not accurately reflect which permissions are required in a restricted API key setup: https://docs.civicrm.org/stripe/en/latest/install/#how-to-update-stripe-api-version
The text disagrees with the screenshot, and the screenshot looks out of date when compared to the Stripe interface. Also, I think the 'paymentIntent' and 'setupIntent' permissions are now required, among others.
I've tried having a look through, but it's quite difficult to tell which permissions are in-use by the extension.
This would be a great extra level of security to implement, if possible.