Expose project's hooks/services secrets to the API

Description

Make project-hook tokens and project-service passwords, tokens and api_keys readable on API GET requests, rather than write-only as they are today, so that API clients can tell whether an operation would be a no-op and advertise that idempotency (e.g. in a --dry-run mode).

Proposal

The Gitlab web view already shows these tokens in cleartext. It would be logical that, at an identical permission level, an API token provides access to the same information. Tools like Ansible could then identify whether the state of the project (web-hook, service) actually changed, tokens included, and avoid useless POST/PATCH requests.

If Gitlab.com operators are reluctant for security reasons, exposing the secrets salted and hashed would do the job too.
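The salted-hash variant of the proposal, worked through as an added example (this is not Gitlab code, and the response fields `token_salt` / `token_sha256` and the `hook_representation` helper are assumptions standing in for whatever shape the API would return): the server exposes only a per-hook salt and the SHA-256 of salt||token; a client such as an Ansible module recomputes that digest over the token it intends to set, compares in constant time, and skips the PUT when nothing differs.

```python
import hashlib
import hmac
import os


def hash_token(token: str, salt: bytes) -> str:
    """Assumed server-side representation of a hook token: SHA-256 over salt || token."""
    return hashlib.sha256(salt + token.encode("utf-8")).hexdigest()


def hook_representation(url: str, push_events: bool, token: str, salt: bytes = None) -> dict:
    """Simulate what a GET /projects/:id/hooks/:hook_id response could expose
    under the hashed/salted proposal (hypothetical field names)."""
    salt = salt if salt is not None else os.urandom(16)
    return {
        "url": url,
        "push_events": push_events,
        "token_salt": salt.hex(),
        "token_sha256": hash_token(token, salt),
    }


def token_matches(desired_token: str, exposed: dict) -> bool:
    """Client side: recompute the salted digest of the token we want to set and
    compare it to the exposed digest without learning the stored token."""
    salt = bytes.fromhex(exposed["token_salt"])
    return hmac.compare_digest(hash_token(desired_token, salt), exposed["token_sha256"])


def plan_hook_update(desired: dict, current: dict) -> dict:
    """Return only the fields that differ between desired and current state.
    An empty dict means the hook is already converged and no PUT is needed."""
    changes = {}
    for field in ("url", "push_events"):
        if desired[field] != current[field]:
            changes[field] = desired[field]
    if not token_matches(desired["token"], current):
        changes["token"] = desired["token"]
    return changes


if __name__ == "__main__":
    # Constructed sample: the hook as the API would expose it, then two desired states.
    current = hook_representation("https://ci.example.test/hook", True, "s3cret-hook-token")
    same = {"url": "https://ci.example.test/hook", "push_events": True, "token": "s3cret-hook-token"}
    rotated = dict(same, token="new-rotated-token")
    print("no-op, skip PUT:", plan_hook_update(same, current) == {})
    print("changed fields:", sorted(plan_hook_update(rotated, current)))
```

Because the digest is salted per hook, an exposed digest cannot be matched against precomputed tables, and the client never needs the cleartext token to decide whether its desired state is already in place; the digest does, however, let a holder confirm a candidate token, so the scheme only preserves secrecy for tokens with real entropy.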

Links / references

See also: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/7220

Edited by Raphaël Droz