Extend job_token_allowed in API to accept array of accepted methods

Problem to solve

A while back, we added job_token_allowed: :basic_auth, which makes the endpoint accept a CI job token, but only for basic auth. It is also possible to set job_token_allowed: true, but then it supports all methods except basic auth.

See this discussion for more context !111751 (comment 1282437584)

Proposal

Make job_token_allowed also accept an array of the accepted authentication options. Introduce an option :request as a more descriptive alternative to true:

# ONLY traditional job token headers
job_token_allowed: true
job_token_allowed: :request

# ONLY basic auth
job_token_allowed: true

# EITHER
job_token_allowed: [:request, :basic_auth]

The code snippet in !111751 (comment 1282455080) is almost there