Handle creation/deletion of workspace tokens and create token docs

Description

SUMMARY: Handle creation/deletion of workspace tokens according to workspace lifecycle.

We now need to manage the lifecycle of WorkspaceToken creation/deletion according to rules specified in the Implementation Plan section below.

This MR should also introduce appropriate docs for the new token to the page at https://docs.gitlab.com/security/tokens, and add to list at https://docs.gitlab.com/security/tokens/#available-scopes

Workspace Tokens are created and deleted according to criteria in Implementation Plan below
Introduce appropriate docs for the new token to the page at https://docs.gitlab.com/security/tokens, and add to list at https://docs.gitlab.com/security/tokens/#available-scopes

We need to manage the lifecycle of WorkspaceToken creation/deletion according to these rules:

Create an associated WorkspaceToken record when a Workspace transitions to desired_state of Running. This should happen both on initial creation, and after a workspace is Stopped and Restarted. In-memory workspace.workspace_token attribute should be updated to the new record.
Delete the associated WorkspaceToken record when a Workspace transitions to desired_state of RestartRequested, Stopped OR Terminated (i.e. anything other than Running). In-memory workspace.workspace_token attribute should be updated to nil.
Gracefully handle inconsistent DB states - these should never happen normally, but should not cause errors:
1. If token already exists when transitioning TO Running, then rotate it (delete and recreate)
2. If token does not exist when transitioning FROM Running, do not raise an error.

Edited Jun 25, 2025 by 🤖 GitLab Bot 🤖