Route request via PAT token

See https://docs.gitlab.com/ee/architecture/blueprints/cells/routing-service.html for background

1. Assume the Cell is configured to generate all secrets and session cookies with a prefix.
2. The routing service will route to that cell if it reads such a header like GITLAB_TOKEN that matches the prefix, following https://docs.gitlab.com/ee/architecture/blueprints/cells/routing-service.html#router-configured-to-perform-static-routing
   • priority for this rule is to be determined

NOTE, there are many different types of Tokens so we may need to prioritize which ones to implement first:

• GITLAB_TOKEN header (personal access tokens)
• Authorization: Bearer for Direct Transfer (#434968 (comment 1760557290))
• UNLEASH-INSTANCEID header
• Others

Proposal

1. Update the Rails application to have tokens be prefixable via the organization or another top-level actor.
   • We need to keep in mind that if an organization gets moved to a different cell, the token needs to continue to work.
2. Update the router rules generated by the Rails application with the appropriate rules for tokens. NOTE: the router will need to call classify service
3. Ensure all secret detection code (e.g. regexes) are updated to match un-Cell-prefixed and Cell-prefixed tokens
   • For the PoC: https://gitlab.com/gitlab-org/gitlab/-/blob/master/app/assets/javascripts/lib/utils/secret_detection.js
   • Before productionizing, there is a list of places here: https://docs.gitlab.com/ee/development/secure_coding_guidelines.html#token-prefixes