Allow JOB_TOKEN to access Release Links API

Release notes

Previously, the Release links API only accepted a personal access token or a project access token for authentication. With this update, a CI_JOB_TOKEN is now accepted for authentication to use with the API to manipulate GitLab Release links.

Problem to solve

I tried out the release links API and wanted to add some URL links to the released artifacts in our Artifactory instance. The link should be added in the CI pipeline once the artifact was uploaded.

However, it turns out the call to this REST API does not work with the JOB_TOKEN header but only with the PRIVATE_TOKEN. Is this limitation intended? I don't want to maintain extra Private tokens just for manipulating the assets of the release.

Proposal

Extend JOB_TOKEN to support actions for https://docs.gitlab.com/ee/api/releases/links.html

Related Issue

We implemented this for the Releases API: #27001 (closed)

Related customer discussion - #27001 (comment 414567140)