Logging token_type and token_ids for PAT requests to /api/graphql and for CI_JOB_TOKEN usage

Context

SIRT has identified areas where token_type/token_id is not being logged when tokens are used that would improve visibility. A similar MR has already been implemented to improve logging of PersonalAccessTokens so this would be an improvement along the same lines.

  1. Requests to /api/graphql do not appear to log any token_type/token_id when a token has been used.
  2. There does not appear to be any logging of token_type/token_id when a CI_JOB_TOKEN is used.

User Story

As a Security Operations Engineer using GitLab, during the incident response process I need to be able to understand what actions were taken with a Personal Access Token. Visibility into what actions were taken with a compromised token is critical to the initial investigation, containment, and other phases of incident response. This information may also be very important for team members doing compliance or audit work.

Acceptance Criteria

  • When a request is made to /api/graphql endpoints with a Personal Access Token, the logs should reflect the token_id and token_type
  • When a CI_JOB_TOKEN is used, the logs should include the token_id and token_type
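The coverage check below is an added example, not part of this issue or of GitLab's code: it reads constructed api_json.log-style records and reports authenticated requests that carry no token_type/token_id, which is how an incident responder could measure the gap described above (and verify the acceptance criteria once the change lands). The record layout and the assumption that "username present and status not 401" means "authenticated" are assumptions about the log format, not taken from the issue.

```python
import json
from collections import defaultdict

# Constructed sample records in the shape of GitLab's api_json.log. Only
# token_type/token_id come from the issue; the other field names are assumptions.
SAMPLE_LOG = """
{"method":"GET","path":"/api/v4/projects","status":200,"username":"alice","token_type":"PersonalAccessToken","token_id":42}
{"method":"POST","path":"/api/graphql","status":200,"username":"alice"}
{"method":"POST","path":"/api/graphql","status":200,"username":"bob","token_type":"PersonalAccessToken","token_id":7}
{"method":"GET","path":"/api/v4/jobs/91/artifacts","status":200,"username":"ci-runner"}
{"method":"GET","path":"/api/v4/projects","status":401}
"""

REQUIRED = ("token_type", "token_id")


def parse_lines(text):
    """Yield one dict per non-empty JSON line; lines that are not JSON are skipped."""
    for raw in text.splitlines():
        raw = raw.strip()
        if not raw:
            continue
        try:
            yield json.loads(raw)
        except json.JSONDecodeError:
            continue


def authenticated(rec):
    """Assumption: a request resolved to a user and not rejected with 401 was authenticated."""
    return rec.get("username") is not None and rec.get("status") != 401


def find_attribution_gaps(text):
    """Return {path: count} of authenticated requests missing token_type or token_id."""
    gaps = defaultdict(int)
    for rec in parse_lines(text):
        if authenticated(rec) and any(rec.get(k) is None for k in REQUIRED):
            gaps[rec.get("path", "?")] += 1
    return dict(gaps)


def coverage_ratio(text):
    """Fraction of authenticated requests that carry both token fields (1.0 when none)."""
    total = attributed = 0
    for rec in parse_lines(text):
        if authenticated(rec):
            total += 1
            if all(rec.get(k) is not None for k in REQUIRED):
                attributed += 1
    return attributed / total if total else 1.0


if __name__ == "__main__":
    print(find_attribution_gaps(SAMPLE_LOG))
    print(f"token attribution coverage: {coverage_ratio(SAMPLE_LOG):.0%}")
```

On the constructed sample the /api/graphql request and the job-token style request are the unattributed ones, matching the two gaps the issue lists.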
Edited by Andrew Kelly