Add Access Token auth to Gemnasium API
Problem to solve
Currently, the only way to authenticate to the Gemnasium API is by using a JSON Web Token.
This approach is not well suited to the automated workflow we are trying to achieve.
~Secure team members.
As we want to automate the publishing process of advisories to the Gemnasium DB, we need a way to set up a long-lived auth mechanism that could be used by a bot to submit a request to the Gemnasium API from pipeline jobs.
Consider adding something similar to GitLab's Personal access tokens.
Permissions and Security
We should be careful about the rights granted to this kind of access and consider the potential risks.
TODO: check if we have proper documentation for the Gemnasium API, and add this new auth mechanism capability there.
What does success look like, and how can we measure that?
A job from the gemnasium-db repository can submit authenticated requests to the Gemnasium API.