Add application logs and audit event logs when creating and revoking Personal Access token

Release notes

Problem to solve

This is a pre-requisite for #17176 (closed)

Currently, we do not log any attempts to create a personal access token. Since we need to add an ability for the admin user to create personal access tokens for other users, we would like track any successful or failed attempts. See this thread for related conversation.

Intended users

User experience goal

Proposal

Add logging to PersonalAccessTokens::CreateService and PersonalAccessTokens::RevokeService. Since audit event logs is an Enterprise feature, also create application logs.

Further details

Permissions and Security

Documentation

Availability & Testing

What does success look like, and how can we measure that?

What is the type of buyer?

Is this a cross-stage feature?

Links / references