docs: GitLab Duo requires api/read_user token scope

Description

GitLab Duo Code Suggestions/Chat, and the underlying Language Server, require the personal access token scope api and read_user

The documentation generally requires api for all GitLab interactions. This MR adds a note specifically for GitLab Duo, documenting the different token scopes.

Related Issues

How has this been tested?

Customer feedback

When we tested with VS Code 1.90, it has asked for read_user scope as well.

Slack discussion with @erran (internal) https://gitlab.slack.com/archives/C058YCHP17C/p1718729813400579

for now we should fix the docs to mention api and read_user for now since that is what the GitLab Language Server validates on the client-side as a pre-flight check. Dylan opened gitlab-org/gitlab#463862 recently after closing gitlab-org/gitlab#455023 which argued that ai_features should be sufficient for Duo functionality.

read_user scope doesn't add any additional permissions since api grants the token all the things. In the future we want to support read_user and ai_features among other more fine-grained tokens rather than needing read_api or api level permissions.

Screenshots (if appropriate)

What CHANGELOG entry will this MR create?

• fix: Bug fix fixes - a user-facing issue in production - included in changelog
• feature: New feature - a user-facing change which adds functionality - included in changelog
• BREAKING CHANGE: (fix or feature that would cause existing functionality to change) - should bump major version, mentioned in the changelog
• None - other non-user-facing changes