Add support for revoking Runner Authentication Token to Group Token Revocation Endpoint
Runner Authentication Tokens could leak. This issue is to add support for revoking them to the Groups::AgnosticTokenRevocationService. The existing dedicated reset API is documented at https://docs.gitlab.com/ee/api/runners.html#reset-runners-authentication-token-by-using-the-current-token
% curl -XPOST --header "PRIVATE-TOKEN: OWNER_PAT" https://gdk.test:3443/api/v4/groups/ID/tokens/revoke -H "Content-Type: application/json" --data '{"token":"RUNNER_AUTHENTICATION_TOKEN"}'
{
  "id": 9,
  "name": null,
  "username": null,
  "expires_at": null,
  "scopes": [],
  "revoked": true,
  "expired": false
}
- The caller must be an Owner of the affected group.
- Instance Runner Authentication Tokens should not be revocable by this endpoint (and the caller shouldn't be able to tell if it is or isn't an instance runner token).
  - They can always use https://docs.gitlab.com/ee/api/runners.html#reset-runners-authentication-token-by-using-the-current-token instead.
- The new token should not be returned in the API response (again, they can use the dedicated reset API if they want that)
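A sketch of how the three requirements above interact, added here as an illustration and not GitLab's implementation. `Runner`, `RunnerTokenRevoker`, the result hashes and the sample tokens are all hypothetical; it assumes a runner outside the caller's group is treated the same as an unknown token.

```ruby
require 'securerandom'

# Hypothetical stand-in for a runner record; not GitLab's model.
Runner = Struct.new(:id, :runner_type, :group_id, :token)

class RunnerTokenRevoker
  # One frozen result for every "cannot revoke" outcome, so an unknown token,
  # an instance runner token and another group's token look identical.
  FAILURE   = { ok: false, body: nil }.freeze        # shape is an assumption
  FORBIDDEN = { ok: false, body: :forbidden }.freeze # shape is an assumption

  def initialize(runners)
    @runners = runners
  end

  def revoke(plaintext, group_id:, caller_is_owner:)
    # Authorization depends only on the caller, never on the token value,
    # so a non-Owner learns nothing about the token either.
    return FORBIDDEN unless caller_is_owner

    runner = @runners.find { |r| r.token == plaintext }
    return FAILURE unless runner && revocable?(runner, group_id)

    # Rotating the stored value invalidates the leaked token.
    runner.token = SecureRandom.hex(16)
    # The replacement token is deliberately absent from the response.
    { ok: true, body: { 'id' => runner.id, 'revoked' => true, 'expired' => false } }
  end

  private

  def revocable?(runner, group_id)
    runner.runner_type != :instance && runner.group_id == group_id
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample data.
  demo = RunnerTokenRevoker.new([Runner.new(9, :group, 42, 'leaked'),
                                 Runner.new(1, :instance, nil, 'shared')])
  p demo.revoke('shared', group_id: 42, caller_is_owner: true)
  p demo.revoke('leaked', group_id: 42, caller_is_owner: true)
end
```

Because the failure result is a single shared object, a spec can assert equality between the unknown-token and instance-token cases to catch any later change that makes them distinguishable.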
Edited by 🤖 GitLab Bot 🤖