Add group deploy tokens

What does this MR do?

This is the second MR related to adding group deploy tokens as a new feature.

The first MR was about adding a deploy_token_type column to the deploy_tokens table in order to be able to differentiate whether a deploy token is of type Project or Group.

In this MR:

• architecture used in clusters (ie. project clusters vs group clusters) was reused here to make the creation of group (or project) deploy token possible.
• some logic was added in the DeployToken model (eg. it can either be a project token or a group token)
• existing logic related to whether a token can access a project was updated: now projects under a group can be accessed by a group token (linked to that group)
• rspecs were added accordingly.

Screenshots

Does this MR meet the acceptance criteria?

Conformity

• Changelog entry
• Documentation (if required)
• Code review guidelines
• Merge request performance guidelines
• Style guides
• Database guides
• Separation of EE specific content

Availability and Testing

• Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process.
• Tested in all supported browsers

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

• Label as security and @ mention @gitlab-com/gl-security/appsec
• The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
• Security reports checked/validated by a reviewer from the AppSec team

Relates to #21765 (closed)