Describe the feature you'd like to request

I think there is a valid use case to allow read only access to a remote cache. For example your CI could be configured for read/write but devs on local machines should ONLY be able to READ if security is a concern (as is in our organization).

Describe the solution you'd like

Distinugish between TURBO_TOKEN and TURBO_READ_ONLY_TOKEN. If a read only token is configured then PUTs to the cache are not attempted.

Describe alternatives you've considered

We are using one of the open source implementations of the turbo cache. We deploy 2 instances of them and each are backed by the underlying same store (s3 via Min.io) such that they share the same artifacts. The first instance is configured with a read/write token to the store and intended to be used by CI, then second instance is configured with a read only token via a policy on the store to prevent writes (intended for local devs).

The issue is that when using the first instance (w/ read & write) I get 100% cache hits for a given operation. The second instance however returns a high number of intermittent cache misses (when there in fact should be hits) with dozens of the following error when running in verbose mode.

2022-05-05T08:57:03.651-0400 [DEBUG] run.analytics: failed to record cache usage analytics: error="skipping HTTP Request, too many failures have occurred"

The remote cache logs as expected return 403s whenever a PUT is attempted (as expected). I don't quite understand what is happening underneath the hood, but it appears that there is a correlation when configuring the store to reject writes for a given token and that turbo is backing off GET requests and falling over to a cache miss. (At least that is my theory).

The alternative we're going to try is to have an nginx rule on the read only instance to intercept PUTs and simply return a 200 to see if turbo handles this better and enables a full read-only mode.

All this is a bit hand wavey so it would be awesome if there could be a supported path for this such that turbo itself doesn't assume READ and WRITE but can be configured as a READ only.