WIP: Secret personal snippets without visibility level

What does this MR do?

This MR adds support for a new visibility level for Snippets without actually adding a new visibility level. A Secret Snippet can be viewed by anyone with the correct URL. Secret Snippets are not searchable for non-author users.

The core mechanism for making a Snippet Secret vs. Public is via the introduction of the ?token=<unique secret> query param which is stored in the snippets table in the secret_token attribute. Snippet#secret_token is populated via the before_save AR hook and currently uses SecureRandom.hex.

Because ?token=<unique secret> needs to be provided in order to view a Secret Snippet, it should also be fairly easy to re-generate <unique secret> (perhaps via a button within Snippet edit mode). This ability allows existing URLs containing ?token=<original unique secret> to be rendered invalid and offers some ability to the author to reset/reduce exposure should they need it.

Refs #14201
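
The token check and rotation described above, as an added plain-Ruby sketch that is not code from this MR or from GitLab. The class SecretSnippet and its methods viewable_by?, searchable_by?, regenerate_secret_token! and constant_time_eq? are hypothetical names; the author bypass, the String type check and the constant-time comparison are assumptions about how such a check would be hardened.

```ruby
require "securerandom"

# Hypothetical stand-in for the Snippet model (not GitLab's code).
class SecretSnippet
  attr_reader :id, :author, :secret_token

  def initialize(id:, author:)
    @id = id
    @author = author
    @secret_token = SecureRandom.hex # what the before_save hook would populate
  end

  # Rotating the token invalidates every URL carrying the previous one.
  def regenerate_secret_token!
    @secret_token = SecureRandom.hex
  end

  def url
    "/snippets/#{id}?token=#{secret_token}"
  end

  # Assumption: the author can always view; everyone else needs the token.
  def viewable_by?(user:, token:)
    return true if !user.nil? && user == author
    # A query param may arrive as nil, an Array or a Hash (?token[]=...).
    return false unless token.is_a?(String)
    constant_time_eq?(token, secret_token)
  end

  # Secret snippets appear in search results for their author only.
  def searchable_by?(user)
    !user.nil? && user == author
  end

  private

  # Assumption: compare without short-circuiting so response timing does
  # not reveal how many leading characters of a guess were correct.
  def constant_time_eq?(given, expected)
    return false unless given.bytesize == expected.bytesize
    diff = 0
    given.bytes.zip(expected.bytes) { |a, b| diff |= a ^ b }
    diff.zero?
  end
end
```

SecureRandom.hex with no argument returns 32 hex characters (16 random bytes), so each token carries 128 bits of entropy.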

Does this MR meet the acceptance criteria?

Conformity