Investigate OAuth compatibility for personal access tokens

Overview

Our current PATs don't comply with the OAuth 2.0 spec. We should consider a path to unify all of our access tokens behind a single access token to rule them all, just scoped in a variety of ways (functionally + by project/group).

Proposal

Investigate changes needed to PATs so they're OAuth compatible. See https://gitlab.com/gitlab-org/gitlab-ce/issues/20993#note_173132336 for a start. 🙂