[JENKINS-64814] Use API to retrieve project/group avatar where possible

[sichapman]

This allows avatars to be retrieved via API if the GitLab server is new enough, so resolving the JENKINS-64814 issue of URL-based avatars not working if the projects are not public. Once installed, projects/groups need to be re-scanned for it to switch to the new method.

My knowledge of Jenkins internals isn't too hot so I had to do a bit of guesswork when it came to access control around the credentials retrieval code. In my testing, the avatar request was always 'anonymous', so no amount of permission checking worked, even if I could figure out what non-null context to use. So I had to bypass it, just for the avatar request anyway.

Testing done

Tested in a (latest LTS) Jenkins and GitLab 17 with

• public project+group with avatar
• private project+group with avatar
• project+group without avatar

Before the upgrade:

• public project+group avatar showing
• private project+group no avatar, 401s in log

Immediately after the upgrade:

• public project+group avatar showing
• private project+group no avatar, 401s in log

After rescan of each job:

• every project+group avatar showing, no errors in log

Also checked against an old version of GitLab (13) to ensure the URL-based non-API behaviour is still used even with projects with avatars

Submitter checklist

• Make sure you are opening from a topic/feature/bugfix branch (right side) and not your main branch!
• Ensure that the pull request title represents the desired changelog entry
• Please describe what you did
• Link to relevant issues in GitHub or Jira
• Link to relevant pull requests, esp. upstream and downstream changes
• Ensure you have provided tests - that demonstrates feature works or fixes the issue