Limit automatic token reuse detection to token rotation API

As discussed in gitlab-com/gl-infra/production#16047 (comment 1471822936), let's limit automatic reuse detection to the following endpoints:

• POST /personal_access_tokens/:id/rotate
• POST /groups/:id/access_tokens/:token_id/rotate
• POST /projects/:id/access_tokens/:token_id/rotate