Allow API access with CI_JOB_TOKEN

Merged Kamil Trzciński requested to merge zj-job-user-ci-token-auth into master

What does this MR do?

Implements https://gitlab.com/gitlab-org/gitlab-ee/issues/2770, and this is done by @zj.

Are there points in the code the reviewer needs to double check?

Why was this MR needed?

Screenshots (if relevant)

Does this MR meet the acceptance criteria?

What are the relevant issue numbers?

Closes https://gitlab.com/gitlab-org/gitlab-ee/issues/2770

Edited by Sean McGivern