Add runner controller management API

What does this MR do and why?

Add a runner controller management API.

This MR adds API Endpoints as below:

• List all AC: GET /runner_controllers
• Get detail: GET /runner_controllers/:id
• Create (Register): POST /runner_controllers
• Delete: DELETE /runner_controllers/:id

And only instance admins can access this.

Also, it adds a new database table ci_runner_controllers to keep track of the runner controllers.

References

• Part of Runner controller management API (Part 1) Runne... (#578037 - closed).
• Update Runner Admission Controller design to al... (gitlab-com/content-sites/handbook!16358).
• https://handbook.gitlab.com/handbook/engineering/architecture/design-documents/runner_job_router/

How to set up and validate locally

Set up GDK and prepare instance admin's personal access token.

Get

curl --request GET \
--header "Content-Type: application/json" \
--header "PRIVATE-TOKEN: $PAT" \
"https://gdk.test:3443/api/v4/runner_controllers"

Create with description

curl --request POST \
  --header "Content-Type: application/json" \
  --header "PRIVATE-TOKEN: $PAT" \
  --data '{
    "description": "Validates runner security settings before registration"
  }' \
  "https://gdk.test:3443/api/v4/runner_controllers"

Create without description

curl --request POST \
  --header "Content-Type: application/json" \
  --header "PRIVATE-TOKEN: $PAT" \
  "https://gdk.test:3443/api/v4/runner_controllers"

Delete

curl --request DELETE \
  --header "Content-Type: application/json" \
  --header "PRIVATE-TOKEN: $PAT" \
  "https://gdk.test:3443/api/v4/runner_controllers/3"

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.