Transform gitserver access logs to audit logs

[vrto]

Description

Gitserver access logs will optionally be included in the audit log. This is controlled via log.auditLog.gitServerAccess setting in the site config.

@bobheadxi I made a couple of calls here, but nothing is set in the stone yet. Let's treat this PR as a conversation for what should happen:

• Note that gitserver access logs may still be used by the log.gitserver.accessLogs setting as before (should we totally drop this?)
• The logic for (not) logging git server access just got a little more complicated, as it can be controlled by either of the two settings (logical or)
• This introduces a breaking change - the gitserver access log message is now a standard audit log message, which is slightly richer and contains all of the data before, but the field actor is now located in the audit.actor property

Test plan

• Automated tests
• Picture with the captured log (localhost)
  

[bobheadxi]

Note that gitserver access logs may still be used by the log.gitserver.accessLogs setting as before (should we totally drop this?)

We should mark it as deprecated in the docstring and remove it in a future release

Regarding the change in fields, I think it should be fine as long as we mention it in the changelog

[bobheadxi]

Internally why do we need to distinguish between the two? The logic to set disabled should take into account the legacy access logs and the new audit logs setting - IMO we should keep this the same as before here

[vrto]

I needed it to test this bool logic but since we're dropping the older setting it might not be needed

[bobheadxi]

Instead, we can write a unit test for just that logic and keep this simple :)

[vrto]

@bobheadxi

We should mark it as deprecated in the docstring and remove it in a future release

Are you OK if I do it as part of this PR? So the change will be effective, right after merging the PR? Follow-up question; do you know of any clients using this in prod?

Regarding the change in fields, I think it should be fine as long as we mention it in the changelog

Good idea!

[bobheadxi]

Are you OK if I do it as part of this PR? So the change will be effective, right after merging the PR?

Absolutely! (not the removal yet though)

Follow-up question; do you know of any clients using this in prod?

I'm not entirely sure actually, original PR is here: https://github.com/sourcegraph/sourcegraph/pull/38798 searching for the PR reveals https://sourcegraph.slack.com/archives/C02UC4WUX1Q/p1657786740125169 which seems to indicate only 1 customer uses this at the moment

[vrto]

@bobheadxi changes pushed, I tihnk I addressed everything we discussed here!

[bobheadxi]

Nice, thanks for the updates!!