Remove Data Analytics Framework token authentication via GET/POST params.

[aaronweeden]

Description

This PR removes the ability to authenticate to the Data Analytics Framework REST API via API token in GET or POST parameters and makes it so the token must be provided via Authorization header. The GET/POST param functionality was in place for CentOS 7 to work around the Authorization header being eaten by Apache, and it is no longer needed.

These changes mean the current method of counting Data Analytics Framework requests for our reporting KPIs will no longer work (they involved reading the logs with ident = 'rest.logger.db' or ident = 'controller.log' and searching for the Bearer parameter). To correct this, this PR adds logging with a new ident = 'daf'.

This PR also updates the error messages and documentation to use consistent lowercasing of "token" and to move the duplicate error message strings into variables.

This PR also refactors some duplicated code into functions.

There is also a PR for https://github.com/ubccr/xdmod-xsede/pull/570.

Motivation and Context

Code cleanup and better practice not to have the API token in the request parameters.

Tests performed

This PR updates the token auth integration tests.

In a Docker container with the changes from this PR, I also made requests via the version of xdmod-data from ubccr/xdmod-data#68 and confirmed the logs appeared as expected, e.g.,:

+-------+---------------------+-------+----------+-----------------------------------------------------------------------------------------------------------+
| id    | logtime             | ident | priority | message                                                                                                   |
+-------+---------------------+-------+----------+-----------------------------------------------------------------------------------------------------------+
| 14122 | 2025-04-09 19:00:20 | daf   |        6 | {"message":"User 3 requested /controllers/metric_explorer.php with API token using xdmod-data Python v1.1.0.dev09"} |
| 14123 | 2025-04-09 19:00:21 | daf   |        6 | {"message":"User 3 requested /controllers/user_interface.php with API token using xdmod-data Python v1.1.0.dev09"}  |
| 14125 | 2025-04-09 19:00:21 | daf   |        6 | {"message":"User 3 requested /v1/warehouse/export/realms with API token using xdmod-data Python v1.1.0.dev09"}      |
| 14127 | 2025-04-09 19:00:22 | daf   |        6 | {"message":"User 3 requested /v1/warehouse/raw-data with API token using xdmod-data Python v1.1.0.dev09"}           |
+-------+---------------------+-------+----------+-----------------------------------------------------------------------------------------------------------+

Checklist:

• The pull request description is suitable for a Changelog entry
• The milestone is set correctly on the pull request
• The appropriate labels have been added to the pull request

[jpwhite4]

Is this going to cause breakage / incompatibility between newer XDMoD and older python code?

[aaronweeden]

Is this going to cause breakage / incompatibility between newer XDMoD and older python code?

No, every release of xdmod-data so far has put the token in both the header and the request params.