I view personal access tokens as a bit different than the client credentials/API keys situation. With these tokens there’s an end-user involved and they want to grant access to their data to a specific application that would be then accessing the API on behalf of the user.
In general API Keys (as client credentials) are employed for service to service scenarios where there’s not a notion of end-users.
Right now, the general API Keys scenario is addressed by client credentials. I’m not saying that we won’t have other possibilities in the future, but that what’s available now.