Token prefixes: Add support for client-side secret detection

What does this MR do and why?

This MR adds client-side secret detection for tokens with an instance prefix. Before this MR, the prefix was missing from the regex match. Tokens with an instance prefix, e.g. myinstance-glpat-abc, were still caught; however, they were only matched as glpat-abc. This MR adds the prefix to the regex, so that they will now be matched as myinstance-glpat-abc.

For full background, follow the discussion.

🛠️ with ❤️ at Siemens

References

Screenshots or screen recordings

[Screenshots: without-instance, with-instance]

How to set up and validate locally

  1. Enable the feature flag via rails c:
     Feature.enable(:custom_prefix_for_all_token_types)
  2. Set an instance-wide token prefix: Admin area > General > Account and limit > Instance token prefix, e.g. to instanceprefix
  3. Create a new token, e.g. a PAT.
  4. Submit a comment including the token. You should now see that the warning includes the full token with the prefix. Without this MR, you should see that only the part starting with glpat-... is mentioned. You can also see the difference in the screenshot. The GitLab Runner token matches the full string, because it contains a very broad pattern.
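The regex change this MR describes, shown as an added example that is not the MR's own code: a "before" pattern that only sees the bare glpat- token and an "after" pattern that also captures an optional instance prefix, run over a constructed comment. The token body length, the prefix character set and the sample token are assumptions for illustration, not GitLab's actual detection patterns.

```javascript
// Added illustration of the client-side detection change; not GitLab's code.
// Assumption: a PAT looks like "glpat-" followed by 20 token characters.
const TOKEN_BODY = 'glpat-[0-9a-zA-Z_-]{20}';

// Before: the regex starts at "glpat-", so any instance prefix is dropped
// from the match and the warning shows only the bare token.
const BEFORE_RE = new RegExp(TOKEN_BODY, 'g');

// After: an optional "<prefix>-" group ahead of the token body captures the
// instance prefix so the warning reports the full string that was pasted.
// Assumption: prefixes are alphanumeric; adjust to the configured prefix rules.
const AFTER_RE = new RegExp(`(?:[0-9a-zA-Z]+-)?${TOKEN_BODY}`, 'g');

// Return every token-like substring found in the text using the given regex.
function findTokens(text, re) {
  return Array.from(text.matchAll(re), (m) => m[0]);
}

// Reduce a detected token to a display form safe enough for a warning banner:
// keep the recognisable prefix portion, hide the secret tail.
function maskToken(token) {
  const visible = token.indexOf('glpat-') + 'glpat-'.length;
  return token.slice(0, visible) + '*'.repeat(token.length - visible);
}

// Constructed sample comment; the token value is made up, not a real secret.
const SAMPLE_COMMENT =
  'Pipeline fails, here is my token: myinstance-glpat-AbCdEfGhIjKlMnOpQrSt thanks';

// Stand-alone run: show what each pattern reports for the same comment.
if (typeof require !== 'undefined' && require.main === module) {
  console.log('before:', findTokens(SAMPLE_COMMENT, BEFORE_RE).map(maskToken));
  console.log('after: ', findTokens(SAMPLE_COMMENT, AFTER_RE).map(maskToken));
}
```

Without a configured instance prefix the "after" pattern still matches the bare glpat- token, so the change only widens what is reported, not what is caught.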

MR acceptance checklist

MR Checklist ( @nwittstruck)

Related to #388379

Edited by Nicholas Wittstruck
