Add prefix to ApplicationSetting token fields
Three tokens are generated in `app/models/application_setting.rb`. As defence in depth we should add a static prefix to each of them, so that an accidental leak by an admin or user is easier to detect (for example by secret-scanning tooling that keys on the prefix). The prefix adds no secrecy; the entropy stays in the random part of the token. Two of the three are currently flagged by the `Gitlab/TokenWithoutPrefix` cop:
```
app/models/application_setting.rb:41:3: C: Gitlab/TokenWithoutPrefix: Tokens should be prefixed. See doc/development/secure_coding_guidelines.md#token-prefixes for more information.
  add_authentication_token_field :static_objects_external_storage_auth_token, encrypted: :required
  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
app/models/application_setting.rb:42:3: C: Gitlab/TokenWithoutPrefix: Tokens should be prefixed. See doc/development/secure_coding_guidelines.md#token-prefixes for more information.
  add_authentication_token_field :error_tracking_access_token, encrypted: :required
  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
```
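To show what the prefix buys us, here is an added, stand-alone Ruby example (not GitLab code, and not the `add_authentication_token_field` API): it generates a token with a static prefix and then scans free text for tokens that are recognisable purely from their format. The prefixes `glsoes-` and `gleta-`, the 20-character random part and the sample log lines are assumptions constructed for this example; the point is that a prefixed token can be found in a leaked log or paste, while an unprefixed random string cannot be told apart from any other identifier.

```ruby
require "securerandom"

# Hypothetical prefixes for the two ApplicationSetting tokens flagged by the cop.
# These are assumptions for this example, not the prefixes GitLab chose.
TOKEN_PREFIXES = {
  static_objects_external_storage_auth_token: "glsoes-",
  error_tracking_access_token: "gleta-"
}.freeze

# Length of the random, secret part that follows the prefix (assumed).
RANDOM_PART_LENGTH = 20

# Generate a token whose random part is preceded by a static, recognisable
# prefix. The prefix is public knowledge and carries no secrecy; all of the
# entropy is in the random part, so the token is no weaker than an
# unprefixed one of the same random length.
def generate_prefixed_token(field)
  prefix = TOKEN_PREFIXES.fetch(field)
  prefix + SecureRandom.alphanumeric(RANDOM_PART_LENGTH)
end

# Build one regex matching any known prefix followed by a random part of the
# expected length, bounded by \b so substrings of longer words are ignored.
def leaked_token_pattern(prefixes = TOKEN_PREFIXES.values)
  alternation = prefixes.map { |p| Regexp.escape(p) }.join("|")
  /\b(?:#{alternation})[A-Za-z0-9]{#{RANDOM_PART_LENGTH}}\b/
end

# Scan free text (a log line, a pasted config, a diff) and return every token
# that is identifiable from its format alone. This is the check a
# secret-scanning tool or a log filter can run without knowing the secrets.
def find_leaked_tokens(text, prefixes = TOKEN_PREFIXES.values)
  text.scan(leaked_token_pattern(prefixes))
end

# Constructed sample: lines in Ruby's default Logger format, as an admin might
# paste them into a support ticket. Not a real log; the tokens are made up.
SAMPLE_LOG = <<~LOG
  I, [2024-05-01T10:00:00] INFO -- : static objects storage configured
  D, [2024-05-01T10:00:01] DEBUG -- : auth header: Bearer glsoes-Ab3dEfGh1jKl2mNo3pQr
  E, [2024-05-01T10:00:02] ERROR -- : error tracking token rejected: gleta-Zy9xWv8uTs7rQp6oNm5l
LOG

if __FILE__ == $PROGRAM_NAME
  token = generate_prefixed_token(:error_tracking_access_token)
  puts "generated: #{token}"
  puts "found in generated line: #{find_leaked_tokens("Bearer #{token}").inspect}"
  puts "found in sample log:     #{find_leaked_tokens(SAMPLE_LOG).inspect}"
  # An unprefixed token of the same strength leaves nothing to key on.
  puts "found for unprefixed:    #{find_leaked_tokens(SecureRandom.alphanumeric(RANDOM_PART_LENGTH)).inspect}"
end
```

The scanner deliberately matches on prefix plus length rather than on the prefix alone, which keeps false positives down when the prefix is a short common string; if the random part's alphabet or length changes, the pattern has to change with it.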
Relevant:
- https://gitlab.com/gitlab-com/gl-security/appsec/appsec-team/-/issues/482+
- Enforce prefixing for new tokens (#439007 - closed)
- Add prefix to health check access tokens (#376751) already covers the third token (the health check access token)
While this is assigned to group::static analysis as per https://handbook.gitlab.com/handbook/product/categories/#shared-responsibility-functionality, there is no commitment to work on it. Also, this is not a vulnerability.
Edited by Nick Malcolm