jobs/tools: Do not inline token in script setting gitlab webhooks

Pass it as a hidden parameter instead as jenkins now requires to manually validate each groovy script for security concerns.

As a script is identified by the hash of its content, proceeding like this avoid to revalidate the webhooks setting script each time the token is rotated.

These changes have been tested locally with a local jenkins and our staging gitlab.

Merge request reports