Allow filtering resource access tokens by resource type and ID in credentials API

Follow-up to #510351 (closed), we should allow the /groups/:id/resource_access_tokens API to filter by resource_type (group/project) and resource_id to narrow results.