Automatically provide a Deploy Token to projects when Auto DevOps is enabled

Description

When Auto DevOps is used for private or internal projects, the registry will not be accessible by Kubernetes after the deploy jobs is over. This prevents the cluster from fetching the image again in the future in case it needs it (scaling, failures, etc).

The solution is to create a Deploy Token that will be used as a permanent access to the registry. This could be done manually, but users using Auto DevOps may not be aware of that.

One possible solution is described in https://gitlab.com/gitlab-org/gitlab-ce/issues/44452, but we are also considering to automatically create a Deploy Token.

Proposal

If a project is private or internal, and Auto DevOps is enabled by default at instance level or specifically for the project, automatically create a Deploy Token with a specific name and read_registry scope that will be used for deployments.