Authored by Nick Malcolm
Prefixes CI Build tokens (a.k.a. CI_JOB_TOKEN) with `glcbt-` following the guidance at https://docs.gitlab.com/ee/development/secure_coding_guidelines.html#token-prefixes.

GitLab applies a prefix to some of its generated secrets. For example, a Personal Access Token begins with `glpat-`. This MR adds a prefix to Build Tokens. It also updates our frontend secret detection which helps prevent users from leaking tokens via Issue / MR comments.

Build tokens belong to build jobs and are used to authenticate against the APIs described at https://docs.gitlab.com/ee/ci/jobs/ci_job_token.html

Build tokens were already prefixed with a hexadecimal partition ID. The new static prefix is placed before the existing prefix.

A feature flag is being used to reduce the risk of breaking CI pipelines and/or third-party integrations, which might have made assumptions about the format of GitLab's build tokens remaining static. The flag can be enabled or disabled per namespace.

Resolves https://gitlab.com/gitlab-org/gitlab/-/issues/426137

Changelog: changed
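The following JavaScript is an added example, not code from this commit or from GitLab: it masks prefixed tokens in comment text and shows that the older partition-ID-only format can only be guessed at, which also flags ordinary identifiers. The `_` separator after the partition ID, the 20-character minimum body length, and all function and constant names are assumptions; the page states only the `glcbt-` and `glpat-` prefixes and the hexadecimal partition ID.

```javascript
// Added example (not GitLab's code): find and mask prefixed tokens in comment text.
// Assumption: a build token is "glcbt-" + hex partition ID + "_" + a body of 20+
// URL-safe characters; the page gives only the prefix and the hex partition ID.
const PATTERNS = [
  { type: 'personal_access_token', re: /\bglpat-[0-9A-Za-z_-]{20,}/g },
  { type: 'ci_build_token', re: /\bglcbt-[0-9a-f]{1,5}_[0-9A-Za-z_-]{20,}/g },
];

// What a scanner is left with for the old format: hex partition ID, then a body.
// Any long snake_case identifier that starts with hex-looking characters matches.
const LEGACY_GUESS = /\b[0-9a-f]{1,5}_[0-9A-Za-z_-]{20,}/g;

// Return every prefixed token found, ordered by position in the text.
function findTokens(text) {
  const hits = [];
  for (const { type, re } of PATTERNS) {
    for (const m of text.matchAll(re)) {
      hits.push({ type, start: m.index, end: m.index + m[0].length });
    }
  }
  return hits.sort((a, b) => a.start - b.start);
}

// Keep the static prefix (useful for triage) and replace the secret part.
function maskTokens(text) {
  let out = '';
  let pos = 0;
  for (const { start, end } of findTokens(text)) {
    if (start < pos) continue; // skip overlapping hits
    const prefixEnd = text.indexOf('-', start) + 1;
    out += text.slice(pos, prefixEnd) + '[MASKED]';
    pos = end;
  }
  return out + text.slice(pos);
}

// Strings the prefix-less heuristic would flag, true token or not.
function legacyGuessMatches(text) {
  return [...text.matchAll(LEGACY_GUESS)].map((m) => m[0]);
}

// Constructed sample values, not real tokens.
const SAMPLE_NEW = 'job failed, token was glcbt-64_AAAAAAAAAAAAAAAAAAAA in the log';
const SAMPLE_OLD = 'job failed, token was 64_AAAAAAAAAAAAAAAAAAAA in the log';
const SAMPLE_BENIGN = 'see ab_test_variant_checkout_flow_2024 in the config';

console.log(maskTokens(SAMPLE_NEW));
console.log(legacyGuessMatches(SAMPLE_BENIGN));
```

While the feature flag is off for a namespace, its tokens keep the old format, so a prefix-based scanner will not catch them.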