We accept half a dozen different authentication mechanisms for
Git over HTTP. Fairly high in the list we were checking user
password, which would also query LDAP. In the case of LFS,
OAuth tokens or personal access tokens, we were unnecessarily
hitting LDAP when the authentication will not succeed. This
was causing some LDAP/AD systems to lock the account. Now,
user password authentication is the last mechanism tried since
it's the most expensive.

- The `scopes_form` partial can be used in the `admin/applications` view
  as well

- Don't allow partials to access instance variables directly. Instead, pass
  in the instance variables as local variables, and use `local_assigns.fetch`
  to assert that the variables are passed in as expected.

- Change a few instances of `render :partial` to `render`

- Remove an instance of `required: false` in a view, since this is the default

- Inline many instances of a local variable (`ip = 'ip'`) in `auth_spec`

- This module is used for git-over-http, as well as JWT.

- The only valid scope here is `api`, currently.

Reset expiry time of token, if token is retrieved again before it expires.

Revert "Revert all changes introduced by https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/6043"

This reverts commit 6d43c95b.

Use special characters for `lfs+deploy-key` to prevent a someone from creating a user with this username, and method name refactoring.

Refactored LFS auth logic when using SSH to use its own API endpoint `/lfs_authenticate` and added tests.

- Required on the GitLab Rails side is mostly authentication and API related.

This reverts commit 13e37a3e.

Auth.find was a very generic name for a very specific method.
Auth.find_in_gitlab_or_ldap was inaccurate in GitLab EE where it also
looks in Kerberos.

Both work, but now we're consistent across the entire app.

Signed-off-by: NDmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>