We added the application manifest to allow service provider a version-controlled json-configuration of their application. You can find details in the documentation.
For now, the primary use-case is to request additional permissions for the application. This allows you to use more actions and information of the platform-api. For example you can list all the projects of an user or access his settings. All requested permissions have to be accepted by the users before they can be used. While this is currently for requesting additional permissions, it will be also for defining all used permissions in the future. This makes it easier for users to decide if they want to use and trust an application or not.
The MVP creates the basis for requesting permissions. Once this features reaches a stable level, it deprecates the default application permissions (like a project member) and they will be removed. You can keep using those by specify them in the manifest. In the future, we will make it easier for the user to understand the permission workflows as well as the naming of them.