Add support for rotating project access tokens
Problem to solve
In %16.0, mandatory access token expiration and a token rotation API are introduced. If a user doesn't renew their tokens on time, API requests will start failing and the user has to debug why. Given that a user might have several tokens (e.g. a PAT for glab, various project access tokens for individual projects), it is easy to lose track of when individual tokens expire.
Proposal
Rotating tokens should be as frictionless as possible and glab could support rotating tokens. For group and project access tokens:
- Functionality to list group/project access tokens and their expiry.
- Functionality to rotate group/project access tokens. Since tokens are often used as values for CI variables, having an optional parameter that also updates the corresponding variable would be great.
For other access tokens:
- The PAT used by glab for API requests could be regularly checked for expiry and rotated if necessary.
Further details
A new subcommand token could be added to glab project. For example:
$ glab project token list
NAME EXPIRES
foo 2023-12-18
$ glab project token rotate foo
// print API response
$ glab project token rotate --update-ci-var=FOO_CI_VAR foo
// rotate token foo and update FOO_CI_VAR with the new value
Edited by Dennis Appelt
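The expiry listing proposed above, as an added Go example that is not glab's code and not part of the original issue: it parses a response in the shape returned by GitLab's list-project-access-tokens API and returns the active tokens that expire within a given window. `Token`, `DueForRotation`, `sampleJSON` and the sample values are hypothetical and constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"time"
)

// Token holds the fields used here from GET /projects/:id/access_tokens.
type Token struct {
	Name      string `json:"name"`
	ExpiresAt string `json:"expires_at"` // date as YYYY-MM-DD
	Active    bool   `json:"active"`
	Revoked   bool   `json:"revoked"`
}

// Constructed sample response, not real data.
const sampleJSON = `[
 {"id":1,"name":"foo","expires_at":"2023-12-18","active":true,"revoked":false},
 {"id":2,"name":"deploy","expires_at":"2024-06-01","active":true,"revoked":false},
 {"id":3,"name":"old","expires_at":"2023-12-10","active":false,"revoked":true}
]`

// DueForRotation returns the names of active tokens expiring within window of now.
func DueForRotation(body []byte, now time.Time, window time.Duration) ([]string, error) {
	var tokens []Token
	if err := json.Unmarshal(body, &tokens); err != nil {
		return nil, err
	}
	var due []string
	for _, t := range tokens {
		if !t.Active || t.Revoked {
			continue // nothing to rotate
		}
		exp, err := time.Parse("2006-01-02", t.ExpiresAt)
		if err != nil {
			return nil, fmt.Errorf("token %q: %w", t.Name, err)
		}
		if exp.Sub(now) <= window {
			due = append(due, t.Name)
		}
	}
	return due, nil
}

func main() {
	now := time.Date(2023, 12, 11, 0, 0, 0, 0, time.UTC) // fixed date for a repeatable run
	fmt.Println(DueForRotation([]byte(sampleJSON), now, 14*24*time.Hour))
}
```

Failing on an unparseable `expires_at` rather than skipping the token keeps a malformed entry from silently dropping out of the rotation list.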