Review oauth implementation
Currently Maps asks the user to enter their email and password to log into OSM in order to edit the map. It then shows a verification code in an embedded webkitgtk web view which the user needs to copy and paste into an entry on the login dialog maps provides.
This is considered bad practice as the app should not be asking the user for their email/password directly.
OAuth on OpenStreetMap is a mechanism which allows users to authorise third party applications to do things with their OSM user account - without that application handling the user's password.
It also introduces an unnecessary dependency on webkitgtk which could be removed which would be a win from a GTK4 blocker point of view.
Cawbird seems to just spawn the users web browser to authenticate a request instead and it works quite well, even in a sandbox. It's the users default browser as well, so if they are logged onto openstreetmap on their default browser then it will be easier for them to authenticate the request with it anyway.
I know there is another issue on the tracker around using GOA atm but not sure if that's the best idea today. GNOME has been having issues with rate limits from different cloud providers and it probably doesn't make sense to have many apps sharing the same token as a result.