Hey Bastien,
The team agrees that this would be a useful feature to add in the future. We don't have short term plans to implement this right now though. Adding support for this is related to supporting API requests made via Stripe Connect which was out of scope originally. We do hope to add this in the future but not in the coming days or weeks unfortunately.
Thinking about this a bit more, I have a feeling that the Restricted API Keys is potentially the wrong approach here. Those were designed with a different application in mind. The idea was that as a company you might have multiple systems accessing Stripe. Some are likely creating customers and charges and would need full access to the account. On the other hand, you likely have that one script that runs an automated reconciliation on a list of charges once a day or that other one that lets your own team refund charges. Those systems are less sensitive than the main integration(s) but they still need access to the main Secret API key with all permissions. Restricted API Keys allow you to create an API key with really specific permissions that protect you from a leak.
Based on what you are building, you might want to look into Stripe Connect instead. This would let users give you access to their Stripe account in read-only. From now on you can make any (read) API requests on their behalf without having to request their API keys. You can read more about this here:
https://stripe.com/docs/building-integrations
I'll follow up on this thread once we released more features for Restricted API keys though!
All the best,
Remi