Add private token API
Description
You can't directly use kerberos auth to make write requests to the API. Instead, you have to do a wacky auth dance. See: https://gitlab.com/gitlab-org/gitlab-ee/issues/1469
The cookie obtained through the wacky dance might expire. So it would be good to get a token that won't expire (unless someone explicitly requests that it does).
Proposal
That's what the private token is. Once you've done Kerberos auth, you can get that token by screen-scraping. But it would be better if there were an API, since screen-scraping is not fun.
Patch at #11887