Expose UserLogin (private token) rather than UserSafe in discover API

What does this MR do?

It expose private token in /discover API so it can be used to access the API when you provide a valid private key to gitlab shell. See https://gitlab.com/gitlab-org/gitlab-ce/issues/23835

Please keep discussion track on the ISSUE (gitlab-shell PR also related)

Are there points in the code the reviewer needs to double check?

I assume /discover is an INTERNAL api and will not "leak" sensitive information to un-granted users

Why was this MR needed?

It's a first step so gitlab-shell can acces this information in a friendly manner

Does this MR meet the acceptance criteria?

I'll glady provide changelog & documentation & API support if you agreed on this

• CHANGELOG entry added
• Documentation created/updated
• API support added
• Tests
  • Added for this feature/bug
  • All builds are passing
• Conform by the merge request performance guides
• Conform by the style guides
• Branch has no merge conflicts with master (if it does - rebase it please)
• Squashed related commits together

What are the relevant issue numbers?