Commit 54199afb authored by Douwe Maan's avatar Douwe Maan

Merge branch '20911-remove-private-token-from-users-api' into 'master'

Don't expose a user's private token in the `/api/v3/user` API

## Why was this MR needed?

A user's private token is being leaked in the `/api/v3/user` API.

## What are the relevant issue numbers?

- Closes #20911

## Does this MR meet the acceptance criteria?

- [ ]  #20911 !6047 Application-Specific Tokens Are Insecure
    - [x]  Implementation
    - [x]  Test
    - [x]  CHANGELOG
    - [x]  Make sure build is green
    - [x]  Assign to endboss
    - [ ]  Wait for merge


See merge request !6047
parents a181d675 bcdd3d8e
......@@ -27,6 +27,7 @@ v 8.12.0 (unreleased)
- Fix markdown help references (ClemMakesApps)
- Add last commit time to repo view (ClemMakesApps)
- Added project specific enable/disable setting for LFS !5997
- Don't expose a user's token in the `/api/v3/user` API (!6047)
- Added tests for diff notes
- Add a button to download latest successful artifacts for branches and tags !5142
- Remove redundant pipeline tooltips (ClemMakesApps)
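Review bot: the entry reads "Don't expose a user's token" while the merge request title and the issue say "private token"; GitLab has several token kinds (private token, runner tokens, application tokens), so spell it out as "Don't expose a user's private token in the `/api/v3/user` API (!6047)" so readers of the changelog know which credential was leaking and can decide whether to rotate it.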
......
......@@ -310,8 +310,7 @@ GET /user
"can_create_group": true,
"can_create_project": true,
"two_factor_enabled": true,
"external": false,
"private_token": "dd34asd13as"
"external": false
}
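Review bot: removing `"private_token": "dd34asd13as"` from the example response silently changes the documented contract of `GET /user`; a client that called this endpoint to obtain its own private token will now get no token at all. Add a short note in this section (for example, "The `private_token` field is no longer returned by this endpoint; use the profile page to view or reset it") so integrators can see why their scripts stopped working, and check that no other example response in this document still shows the field.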
```
......
......@@ -327,7 +327,7 @@ module API
# Example Request:
# GET /user
get do
present @current_user, with: Entities::UserLogin
present @current_user, with: Entities::UserFull
end
# Get currently authenticated user's keys
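Review bot: switching `present @current_user, with: Entities::UserLogin` to `Entities::UserFull` is the right fix only if `UserFull` itself does not include `private_token`; the entity definitions are not in this diff, so please confirm that `UserFull` exposes no token attribute and that `UserLogin` (which presumably still carries `private_token`) is now used exclusively by the session/login endpoint where returning the token is the purpose. If `UserLogin` has no remaining callers after this change, remove it so the token-exposing entity cannot be reintroduced by accident.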
......
......@@ -605,6 +605,7 @@ describe API::API, api: true do
expect(json_response['can_create_project']).to eq(user.can_create_project?)
expect(json_response['can_create_group']).to eq(user.can_create_group?)
expect(json_response['projects_limit']).to eq(user.projects_limit)
expect(json_response['private_token']).to be_blank
end
it "returns 401 error if user is unauthenticated" do
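Review bot: `expect(json_response['private_token']).to be_blank` also passes when the key is present with an empty string, which would hide a regression where the entity still emits the attribute but the user's token happens to be unset. Assert on the absence of the key instead, `expect(json_response).not_to have_key('private_token')`, and consider adding the same assertion to the spec for any other endpoint that renders the current user, since the entity swap here only covers `GET /user`.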
......