Customize permissions required by a managed package

The feature that allows restrictring API access from managed packages (known as package access control, or PAC) has been deprecated and is no longer available for new packages. Existing packages that have it enabled can disable it in the subscriber org via the same method as the old answer. If you need to disable this as a package publisher you'll need to reach out to Salesforce support and reference bug W-4164180. Support should be able to turn on the PAC UI in your publishing org temporarily while you disable it.

You should not enable this (and generally, can't) for new pacakges that are not already grandfathered in.

(The source of this new information was talking directly to the packaging dev and PM team, so I'm afraid I don't have good public links to share)

---

Old, outdated answer follows for historical interest:

Under the Setup > Create > Packages > (your package) menu there is an "API Access" field: . Selecting the "Enable Restrictions" link brings you to another page where you can specify exactly what level of CRUD access your application needs for various objects: .

Note that once API access is enabled some system objects, like tags, are inaccessible to your application. If you make heavy use of system SObjects this may not be something you can enable.