
Restore Data Analytics Framework token authentication via GET/POST params. #2054

Merged: aaronweeden merged 5 commits into ubccr:xdmod11.0 from aaronweeden:revert-2028 on Jun 26, 2025

aaronweeden commented Jun 25, 2025

Description

This PR restores the ability to authenticate to the Data Analytics Framework REST API via API token in a Bearer parameter of GET or POST requests instead of an Authorization header. This functionality had been removed in #2028, but after that PR was merged, it was discovered that the eating of the Authorization header described in that PR also happens in Rocky 8, and a proper fix requires an update to the Apache configuration. Because updating the Apache configuration requires the admin to make manual changes, this is deemed a substantial enough change to warrant deferring it to a major release. So, for now, we are rolling back to allowing the Bearer parameter to be used when making GET/POST requests.

This PR also refactors the code a bit to make it easier to read and maintain. Specifically:

  • Remove the constant HEADER_KEY because the string 'Bearer' is unlikely to change, and it is more readable not to have to look up the value of the constant.
  • Move the authenticateToken method from BaseControllerProvider into the Tokens class, renamed as authenticate — this relegates all the handling of the token authentication to the Tokens service to encapsulate it all in one place.
  • Rename the authenticateToken method in the Tokens class to authenticateController since it is meant to be a temporary function until the controller endpoints are refactored into the new REST stack in a future version of XDMoD.
  • Rename the authenticate method in the Tokens class to authenticateToken and make it private since now there are no external classes that need to use it.
  • Move common exception throwing in the Tokens class into a function to simplify the repeated code.

Tests performed

In addition to making sure the CI tests passed, I also ran various tests on my port on xdmod-dev with the changes from this PR, running curl with and without a token in a Bearer parameter for the various endpoints that use token authentication.

This PR changes the integration test for the API tokens to put the token in the query parameters instead of the header. A future PR that fixes the Apache configuration should also update this to test both the case where the token is in the header and the case where the token is instead in the query parameters.

Checklist:

  • The pull request description is suitable for a Changelog entry
  • The milestone is set correctly on the pull request
  • The appropriate labels have been added to the pull request

aaronweeden added this to the 11.0.2 milestone Jun 25, 2025
aaronweeden added the "Category: Data Analytics Framework", "maintenance / code quality" and "php" labels Jun 25, 2025
aaronweeden marked this pull request as ready for review June 25, 2025 17:35
aaronweeden merged commit de932b0 into ubccr:xdmod11.0 Jun 26, 2025
4 checks passed
aaronweeden deleted the revert-2028 branch June 26, 2025 14:39
aaronweeden added a commit to aaronweeden/xdmod that referenced this pull request Jun 26, 2025
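
The token lookup this PR restores can be illustrated as follows. This is an added example, not XDMoD's code: the function name `extractBearerToken`, the header-first precedence and the sample token value are assumptions; only the `Bearer` parameter name and the `Authorization` header come from the description above.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (not XDMoD code): locate the API token in a request.
 * Assumption: the Authorization header is preferred, with a fallback to a
 * 'Bearer' GET/POST parameter for servers where the header never reaches PHP.
 */
function extractBearerToken(array $headers, array $query, array $post): ?string
{
    // Header names are case-insensitive, so normalise the keys before lookup.
    $headers = array_change_key_case($headers, CASE_LOWER);
    $header = $headers['authorization'] ?? null;
    if (is_string($header) && preg_match('/^Bearer\s+(\S+)$/i', trim($header), $m) === 1) {
        return $m[1];
    }

    // Fallback: token sent as a parameter named 'Bearer' (GET first, then POST).
    foreach ([$query, $post] as $params) {
        $value = $params['Bearer'] ?? null;
        // Reject array-valued parameters (Bearer[]=x) and empty strings.
        if (is_string($value) && trim($value) !== '') {
            return trim($value);
        }
    }

    return null; // No usable credential: the caller must reject the request.
}

// Constructed sample requests; the token value is a placeholder.
$cases = [
    'header present'        => [['Authorization' => 'Bearer EXAMPLE-TOKEN'], [], []],
    'header stripped, GET'  => [[], ['Bearer' => 'EXAMPLE-TOKEN'], []],
    'header stripped, POST' => [[], [], ['Bearer' => 'EXAMPLE-TOKEN']],
    'wrong scheme'          => [['Authorization' => 'Basic EXAMPLE'], [], []],
    'array parameter'       => [[], ['Bearer' => ['a', 'b']], []],
    'no credentials'        => [[], [], []],
];

foreach ($cases as $label => [$headers, $query, $post]) {
    $token = extractBearerToken($headers, $query, $post);
    printf("%-22s => %s\n", $label, $token ?? '(none)');
}
```

The "header stripped" cases correspond to the situation the description reports, where the Authorization header does not reach the application and the parameter is the only place the token can be read from.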