Remove secret from HTTP request headers
Now the requests are verified via JWT. The feature flag has been enabled for a while. It also has been enabled by default in the previous release, so the self-managed will be able to turn it off if it doesn't work for their setups: gitlab!100929 (merged)
Introduced in: gitlab-shell!596 (merged) and gitlab!86148 (merged)
Rollout issue: gitlab#360808 (closed)