expose project's hooks/services secrets to API
Expose project-hooks tokens and project-services password, token and api_key readable on API GET requests rather than (currently) write-only so that API clients can advertise idempotency of their operations (--dry-run mode).
Gitlab web view actually show these tokens in cleartext. It would be logical that, having an identical permission level, an API token would provide access to this information. Tools like Ansible could then identify whether the state of the project (web-hook, service) actually changed (tokens included) and possibly avoid useless POST/PATCH requests.
In case Gitlab.com operators would be reluctant for security reasons, then exposing secrets hashed/salted would do the job too.
Links / references
See also: !7220 (merged)