Admin API Endpoint: Token Info

  • Please check this box if this contribution uses AI-generated content (including content generated by GitLab Duo features) as outlined in the GitLab DCO & CLA

What does this MR do and why?

Admin API Endpoint: Token Info

This commit introduces an Admin endpoint to retrieve information about arbitrary tokens:

GET /api/v4/admin/tokens/self?token=glpat...

This is a first iteration that supports Personal access tokens and Deploy tokens.

Issue: #443597 (closed)

🛠 with at Siemens

MR acceptance checklist

MR Checklist ( @nwittstruck)

How to set up and validate locally

  1. Enable feature flag via rails c:
     Feature.enable(:admin_agnostic_token_finder)
  1. You'll need to create two new personal access tokens: https://gdk.test:3443/-/user_settings/personal_access_tokens

    1. A personal access token with admin capabilities.
    2. A personal access token or a deploy token with limited capabilities that you can query. You can also query the admin token if you'd like, however for testing I prefer to use separate tokens.
  2. Now you can retrieve information about this token:

curl -k --request GET \
--url 'https://gdk.test:3443/api/v4/admin/tokens/self?token=<Token from Step 2.>' \
--header 'Authorization: Bearer <Admin Token from Step 1.>' \
--header 'Content-Type: application/json'
{
  "id": 4,
  "user_id": 1,
  "name": "personal-access-token",
  "revoked": false,
  "expires_at": "2024-10-04",
  "created_at": "2024-09-04T07:20:22.670Z",
  "updated_at": "2024-09-04T07:20:22.670Z",
  "scopes": [
    "read_api"
  ],
  "impersonation": false,
  "expire_notification_delivered": false,
  "last_used_at": null,
  "after_expiry_notification_delivered": false,
  "previous_personal_access_token_id": null,
  "advanced_scopes": null,
  "organization_id": 1
}

or for a deploy token:

{
  "id": 1,
  "revoked": false,
  "read_repository": true,
  "read_registry": false,
  "expires_at": null,
  "created_at": "2024-09-02T10:59:00.802Z",
  "name": "gdk-identify-deploy-token",
  "username": "gitlab+deploy-token-1",
  "deploy_token_type": "project_type",
  "write_registry": false,
  "read_package_registry": false,
  "write_package_registry": false,
  "creator_id": 1,
  "read_virtual_registry": false,
  "project_id": 7,
  "group_id": null
}

Related to #443597 (closed)

Edited by Nicholas Wittstruck
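
An added example, not part of this MR or of GitLab's code: a small triage helper for a token found in a leak or a secret scan, which queries the endpoint described above and reduces either response shape to kind, owner, granted scopes and state. Telling the two token types apart by the `deploy_token_type` key, and the date-only expiry comparison, are assumptions based on the sample responses above; `fetch_token_info` and `triage` are hypothetical names.

```python
import json
import urllib.parse
import urllib.request
from datetime import date

# Capability flags present in the deploy token response shown in this MR.
DEPLOY_FLAGS = ("read_repository", "read_registry", "write_registry",
                "read_package_registry", "write_package_registry",
                "read_virtual_registry")
# Sample responses trimmed from the two JSON bodies in the MR description.
SAMPLE_PAT = {"id": 4, "user_id": 1, "revoked": False,
              "expires_at": "2024-10-04", "scopes": ["read_api"]}
SAMPLE_DEPLOY = {"id": 1, "revoked": False, "expires_at": None,
                 "read_repository": True, "read_registry": False,
                 "deploy_token_type": "project_type",
                 "project_id": 7, "group_id": None}


def fetch_token_info(base_url, admin_token, token):
    """Query the endpoint from this MR (feature flag on, admin token)."""
    query = urllib.parse.urlencode({"token": token})
    req = urllib.request.Request(
        f"{base_url}/api/v4/admin/tokens/self?{query}",
        headers={"Authorization": f"Bearer {admin_token}"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def triage(info, today=None):
    """Summarise a response: token kind, owner, granted scopes, state."""
    today = today or date.today()
    if "deploy_token_type" in info:
        kind = "deploy_token"
        scopes = [flag for flag in DEPLOY_FLAGS if info.get(flag)]
        owner = {k: info.get(k) for k in ("project_id", "group_id")}
    else:
        kind = "personal_access_token"
        scopes = list(info.get("scopes") or [])
        owner = {"user_id": info.get("user_id")}
    expires = info.get("expires_at")  # null: no expiry date set
    # Assumption: compare the date part only, expired from that date on.
    expired = bool(expires) and date.fromisoformat(expires[:10]) <= today
    state = ("revoked" if info.get("revoked")
             else "expired" if expired else "active")
    return {"kind": kind, "owner": owner, "scopes": scopes, "state": state}
```

The token being looked up travels in the query string, so any proxy or access log that records full request URLs will capture it; handle those logs as containing the secret.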
