Draft: fix: Allow access tokens in headers to access debian packages

• Please check this box if this contribution uses AI-generated content (including content generated by GitLab Duo features) as outlined in the GitLab DCO & CLA

What does this MR do and why?

fix: Allow access tokens in headers to access debian packages

This fixes an issue where the examples in the documentation do not match with the actual behavior of the code:

https://docs.gitlab.com/ee/api/packages/debian.html#download-a-distribution-release-file

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

How to set up and validate locally

1. In rails console enable the experiment fully

   Feature.enable(:debian_packages)

2. Create a personal access token
3. Create a debian distribution in a non-public project via: curl --request POST --header "PRIVATE-TOKEN: <personal_access_token>" "https://gitlab.hostname/api/v4/projects/<project_id>/debian_distributions?codename=buster&component=main&architectures=amd64,arm64"
4. Try accessing the Release file using the access token in the header as per the docs: curl --header "Private-Token: <personal_access_token>" "https://gitlab.example.com/api/v4/projects/<project_id>/packages/debian/dists/buster/Release"

AI Summary:

This code change adds support for authenticating with personal access tokens, deploy tokens, and job tokens using HTTP headers. Previously, only basic authentication was supported. This change makes it easier for users to authenticate with GitLab when accessing Debian package endpoints.