Token prefixes: Add support for personal access tokens

What does this MR do and why?

Adds support for instance wide token prefixes for personal access tokens. It takes precedence over the existing custom prefix for personal access tokens.

Instance wide token prefixes have been added with !179852 (merged)

The new prefix format is: #{instance_prefix}#{token_type_prefix}. E.g. for PATs, we'd get: #{instance_prefix}-glpat. By default, the prefix is empty. However, we can now customize the instance prefix to create a new prefix: mycompanyname-glpat-.

When both an instance wide token prefix AND a custom personal access token prefix are defined, the custom personal access token prefix is ignored.

This is based on this discussion.

🛠️ with ❤️ at Siemens

How to set up and validate locally

  1. Enable feature flag via rails c:
     Feature.enable(:custom_prefix_for_all_token_types)
  2. Generate a personal, group or project based access token. It should start with glpat-
  3. Change the custom personal access token prefix: Admin area > General > Account and limit > Access token prefix, e.g. to customprefix-
  4. Generate a personal, group or project based access token. It should start with customprefix-
  5. Change the instance wide token prefix: Admin area > General > Account and limit > Instance token prefix, e.g. to instanceprefix (Note the missing -, which is not permitted)
  6. Generate a personal, group or project based access token. It should start with instanceprefix-glpat-
  7. All tokens should still work, as we are aiming to be backwards compatible. For custom PAT prefixes and instance wide prefixes, only the most recent prefix will work, as we don't save a history of prefixes. Tokens starting with glpat- should always work.

You can now use the token e.g. to access the API or checkout git repositories. As an example, you can query the different tokens with the token information API - just set up an Admin token and use it to identify the tokens you've just generated:

curl --request POST \
  --url https://gdk.test:3443/api/v4/admin/token \
  --header 'Authorization: Bearer <ADMIN TOKEN>' \
  --header 'Content-Type: application/json' \
  --data '{"token": "<TOKEN YOU WANT TO IDENTIFY>"}'

Related to #388379

Edited by Nicholas Wittstruck
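
The precedence rule and the backwards-compatibility note in the description, modelled as an added Ruby example (not code from this MR or from GitLab) that builds the PAT pattern a secret scanner would need once prefixes are customized. The function names, the 20+ character token body and the sample lines are assumptions constructed for illustration, and the feature flag is assumed to be enabled.

```ruby
# Added example; models the rules in the MR description, not GitLab's own code.
DEFAULT_PAT_PREFIX = "glpat-"
# Assumption: token body is 20+ URL-safe characters (not stated on the page).
TOKEN_BODY = "[0-9A-Za-z_-]{20,}"

# Prefix that newly generated PATs get under the described rules.
def effective_pat_prefix(instance_prefix: nil, custom_pat_prefix: nil)
  instance_prefix = instance_prefix.to_s
  custom_pat_prefix = custom_pat_prefix.to_s
  unless instance_prefix.empty?
    # The MR notes that a trailing "-" is not permitted in the instance prefix.
    raise ArgumentError, "instance prefix must not end with '-'" if instance_prefix.end_with?("-")
    # Instance prefix wins; the custom PAT prefix is ignored.
    return "#{instance_prefix}-#{DEFAULT_PAT_PREFIX}"
  end
  custom_pat_prefix.empty? ? DEFAULT_PAT_PREFIX : custom_pat_prefix
end

# Prefixes a scanner should expect: the current one plus the always-valid default.
def expected_prefixes(**settings)
  [effective_pat_prefix(**settings), DEFAULT_PAT_PREFIX].uniq
end

# Longest prefix first so a match covers the whole token, not just its glpat- tail.
def pat_regex(**settings)
  alternation = expected_prefixes(**settings)
                .sort_by { |p| -p.length }
                .map { |p| Regexp.escape(p) }
                .join("|")
  Regexp.new("(?:#{alternation})#{TOKEN_BODY}")
end

# Returns [line_number, matched_token] pairs for each hit.
def find_pats(text, **settings)
  regex = pat_regex(**settings)
  text.each_line.with_index(1).flat_map do |line, n|
    line.scan(regex).map { |tok| [n, tok] }
  end
end

# Constructed sample input; the token bodies are fake.
SAMPLE = <<~LOG
  export TOKEN=glpat-AAAAAAAAAAAAAAAAAAAA
  url = https://oauth2:instanceprefix-glpat-BBBBBBBBBBBBBBBBBBBB@gitlab.example.com/g/p.git
  token: customprefix-CCCCCCCCCCCCCCCCCCCC
LOG
```

With an instance prefix configured, the third sample line is not reported, which matches the description: the custom PAT prefix is ignored once an instance wide prefix is set.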