Fix job artifact download API using job token

What does this MR do and why?

Fix job artifact download API using job token.

Before this change, a request to download a job artifact through the Get Job Artifacts API using a job token would fail.

GET /projects/:id/jobs/:job_id/artifacts

The correct behaviour should be as follows.

  1. Given 1 project with 2 jobs (projA/job1, projA/job2), when projA/job2 token is used to request projA/job1 artifacts, then it is allowed to download.
  2. Given 2 projects with 1 job each (projA/job1, projB/job2), and projA has licensed feature cross_project_pipelines, when projB/job2 token is used to request projA/job1 artifacts, then it is allowed to download.
  3. Given 2 projects with 1 job each (projA/job1, projB/job2), and projB has licensed feature cross_project_pipelines, when projB/job2 token is used to request projA/job1 artifacts, then it is NOT allowed to download.
  4. Given 2 projects with 1 job each (projA/job1, projB/job2), when projB/job2 token is used to request projA/job1 artifacts, then it is NOT allowed to download.

Caveat: the job whose token is used to authenticate the request must be in :running state, otherwise the request will be rejected with 401 forbidden. This is a prerequisite for any job token authentication in the Job Artifacts API.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #347244 (closed)

Edited by Albert
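
The four rules and the :running caveat in the description above, written out as a decision function. This is an added example, not code from the merge request or from GitLab; `Project`, `Job`, `artifact_download_decision`, the result symbols and the `:success` status of the target job are hypothetical names and constructed sample data, and it models only the rules listed on this page.

```ruby
# Added illustration: models only the four rules and the :running caveat
# listed in the MR description. All names here are hypothetical.
Project = Struct.new(:name, :licensed_features) do
  def licensed?(feature)
    licensed_features.include?(feature)
  end
end

Job = Struct.new(:name, :project, :status)

# token_job:  the job whose token authenticates the request.
# target_job: the job whose artifacts are requested.
def artifact_download_decision(token_job, target_job)
  # Caveat: a job token is only accepted while its job is running.
  return :rejected unless token_job.status == :running

  # Rule 1: both jobs belong to the same project.
  return :allowed if token_job.project.equal?(target_job.project)

  # Rules 2-4: only the licence of the project that owns the artifacts
  # counts; the requesting project's licence grants nothing.
  target_job.project.licensed?(:cross_project_pipelines) ? :allowed : :denied
end

# Constructed sample data covering each rule plus the caveat.
def scenario_results
  feature = [:cross_project_pipelines]
  results = {}

  a = Project.new("projA", [])
  results[:rule1] = artifact_download_decision(
    Job.new("job2", a, :running), Job.new("job1", a, :success))
  results[:finished_token_job] = artifact_download_decision(
    Job.new("job2", a, :success), Job.new("job1", a, :success))

  # Each entry: [projA licensed features, projB licensed features].
  { rule2: [feature, []], rule3: [[], feature], rule4: [[], []] }
    .each do |rule, (a_features, b_features)|
    proj_a = Project.new("projA", a_features)
    proj_b = Project.new("projB", b_features)
    results[rule] = artifact_download_decision(
      Job.new("job2", proj_b, :running), Job.new("job1", proj_a, :success))
  end
  results
end

scenario_results.each { |name, decision| puts "#{name}: #{decision}" }
```

Rule 3 is the case worth a regression test: the licence sits on the requesting project, and the request must still be denied.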
