Add feature flag to PAT reuse detection

What does this MR do and why?

Adds a feature flag to #395352 (closed) to disable the new behavior by default.

This is needed for a severity2 ongoing incident gitlab-com/gl-infra/production#16042 (closed) and should be merged and deployed ASAP.

Resolves: Add automatic token reuse detection behind a FF (#418565 - closed)

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

• I have evaluated the MR acceptance checklist for this MR.

assigned to @dblessing

added pipeline:expedite label

Setting pipeline:expedite without master:broken, master:foss-broken or quarantine is forbidden!

removed pipeline:expedite label

marked the checklist item I have evaluated the MR acceptance checklist for this MR. as completed

approved this merge request

@tachyons-gitlab, thanks for approving this merge request.

This is the first time the merge request is approved. To ensure full test coverage, a new pipeline will be started shortly.

For more info, please refer to the following links:

• rspec predictive jobs
• jest predictive jobs
• merging a merge request.

added pipeline:mr-approved label

added backend feature flag groupauthentication and authorization [DEPRECATED] labels

	1 Warning
	Please add a merge request subtype to this merge request.

	1 Message
	CHANGELOG missing: If you want to create a changelog entry for GitLab FOSS, add the Changelog trailer to the commit message you want to add to the changelog. If you want to create a changelog entry for GitLab EE, also add the EE: true trailer to your commit message. If this merge request doesn't need a CHANGELOG entry, feel free to ignore this message.

Reviewer roulette

Changes that require review have been detected!

Please refer to the table below for assigning reviewers and maintainers suggested by Danger in the specified category:

Category	Reviewer	Maintainer
backend	Jon Jenkins (@jon_jenkins) (UTC-5, same timezone as @dblessing)	Max Woolf (@mwoolf) (UTC+1, 6 hours ahead of @dblessing)
~"group::authentication and authorization"	Reviewer review is optional for ~"group::authentication and authorization"	Jarka Košanová (@jarka) (UTC+2, 7 hours ahead of @dblessing)

To spread load more evenly across eligible reviewers, Danger has picked a candidate for each review slot, based on their timezone. Feel free to override these selections if you think someone else would be better-suited or use the GitLab Review Workload Dashboard to find other available reviewers.

To read more on how to use the reviewer roulette, please take a look at the Engineering workflow and code review guidelines. Please consider assigning a reviewer or maintainer who is a domain expert in the area of the merge request.

Once you've decided who will review this merge request, assign them as a reviewer! Danger does not automatically notify them for you.

If needed, you can retry the danger-review job that generated this comment.

Generated by Danger

added devopsmanage sectiondev labels

approved this merge request

resolved all threads

mentioned in commit gitlab-org-sandbox/gitlab-jh-validation@07116b6c

changed milestone to %16.2

added Deliverable missed-deliverable missed:16.0 quad-planningcomplete-action typefeature workflowin review labels

added Pick into auto-deploy label

added severity3 label

changed the description