Authorize requests by X-GitLab-Unit-Primitive header

Shinya Maeda requested to merge authorize-requests-by-x-unit-primitive-header into main

NOTE: This is a high-priority MR for the deadline.

What does this merge request do and why?

This MR changes the authorization logic from a coarse-grained permission check to a fine-grained one. It addresses this issue by returning a 403 Forbidden HTTP status code to clients that do not have permission to access the feature declared in the x-gitlab-unit-primitive header.

This MR also adds the docs/auth.md documentation page, which explains how authentication and authorization work in AI Gateway.

See Breakdown unit primitives per user interface an... (gitlab-org/gitlab#462413) for more information.
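To make the coarse-grained vs. fine-grained distinction concrete, here is an added illustration of the two checks side by side. It is example code written for this page, not AI Gateway's own implementation. The header name x-gitlab-unit-primitive and the 403 detail string are taken from this MR; the shape of the verified token claims (a "scopes" list naming the granted unit primitives), the sample claims, and the function names are assumptions.

```python
"""Coarse-grained vs. fine-grained unit-primitive authorization.

Added example for this MR page; not AI Gateway code. Header name and
403 detail text come from the MR. Claim layout ("scopes" list) and all
function names are assumptions.
"""
from dataclasses import dataclass
from typing import Optional

UNIT_PRIMITIVE_HEADER = "x-gitlab-unit-primitive"


@dataclass(frozen=True)
class Decision:
    """HTTP status plus the detail string a client would see in the body."""
    status: int
    detail: Optional[str] = None


def _header_lookup(headers: dict, name: str) -> Optional[str]:
    """HTTP header names are case-insensitive, so compare them lower-cased."""
    lowered = {k.lower(): v for k, v in headers.items()}
    return lowered.get(name.lower())


def coarse_grained(claims: dict, headers: dict) -> Decision:
    """Before this MR: any client holding a verified token may call any feature.

    `claims` is assumed to be the already-verified token payload; an empty
    dict stands for a missing or invalid token.
    """
    if not claims:
        return Decision(401, "Unauthorized")
    return Decision(200)


def fine_grained(claims: dict, headers: dict) -> Decision:
    """After this MR: the feature named in the header must be granted to the token.

    Assumption: the verified claims carry the granted unit primitives in a
    "scopes" list. A request for a primitive outside that list is rejected
    with 403, mirroring the detail string shown in the MR's local validation.
    """
    if not claims:
        return Decision(401, "Unauthorized")
    requested = _header_lookup(headers, UNIT_PRIMITIVE_HEADER)
    if not requested:
        return Decision(400, f"Missing {UNIT_PRIMITIVE_HEADER} header")
    granted = set(claims.get("scopes", []))
    if requested not in granted:
        return Decision(403, f"Unauthorized to access {requested}")
    return Decision(200)


# Constructed sample claims: a token granted two unit primitives but not
# explain_vulnerability (the primitive removed from access_data.yml in the
# validation steps above).
SAMPLE_CLAIMS = {"sub": "gitlab-rails", "scopes": ["code_suggestions", "duo_chat"]}
SAMPLE_HEADERS = {"X-GitLab-Unit-Primitive": "explain_vulnerability"}


def compare(claims: dict, headers: dict) -> dict:
    """Run both checks on the same request so the difference is visible."""
    return {
        "coarse": coarse_grained(claims, headers),
        "fine": fine_grained(claims, headers),
    }


if __name__ == "__main__":
    for name, decision in compare(SAMPLE_CLAIMS, SAMPLE_HEADERS).items():
        print(f"{name:>6}: {decision.status} {decision.detail or ''}")
```

With the constructed sample, the coarse-grained check lets the explain_vulnerability request through (200) while the fine-grained check rejects it with the same "Unauthorized to access explain_vulnerability" detail seen in the pry session below; a request for a primitive that is in the token's scopes still returns 200.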

How to set up and validate locally

  1. Check out Use Vertex AI proxy endpoints in VertexAI::Client (gitlab-org/gitlab!153215 - merged) in GitLab-Rails.
  2. Check out this branch in AI Gateway.
  3. Set up OIDC with GitLab-Rails.
  4. Remove explain_vulnerability from ee/config/cloud_connector/access_data.yml in GitLab-Rails.
  5. Refresh the Cloud Connector service catalog:

     # gdk rails console
     Rails.cache.delete('cloud-connector:services')

Test sending a request:

[1] pry(main)> Gitlab::Llm::VertexAi::Client.new(User.first, unit_primitive: 'explain_vulnerability').chat(content: "Hi, how are you?")
  User Load (1.3ms)  SELECT "users".* FROM "users" ORDER BY "users"."id" ASC LIMIT 1 /*application:console,db_config_name:main,console_hostname:shinya-XPS-15-9530,console_username:shinya,line:/app/models/concerns/use_sql_function_for_primary_key_lookups.rb:8:in `_query_by_sql'*/
=> {"detail"=>"Unauthorized to access explain_vulnerability"}

Merge request checklist

  • Tests added for new functionality. If not, please raise an issue to follow up.
  • Documentation added/updated, if needed.
Edited by Shinya Maeda
