Submit specs for Token Rebuild and Release policies

Delete the unecessary VCR files (to test the policy we don't need the
backend)

src/api/spec/factories/tokens.rb

@@ -16,5 +16,13 @@
         package_from_association_or_params { package }
       end
     end
+    factory :release_token, class: 'Token::Release' do
+      type { 'Token::Release' }
+      user
+      package
+      trait :with_package_from_association_or_param do
+        package_from_association_or_params { package }
+      end
+    end
   end
 end

src/api/spec/policies/token/rebuild_policy_spec.rb

@@ -1,6 +1,6 @@
 require 'rails_helper'
 
-RSpec.describe Token::RebuildPolicy, vcr: true do
+RSpec.describe Token::RebuildPolicy do
   let!(:user) { create(:confirmed_user, login: 'foo') }
   let!(:project) { create(:project, maintainer: user) }
   let!(:package) { create(:package, project: project) }

src/api/spec/policies/token/release_policy_spec.rb

@@ -0,0 +1,19 @@
+require 'rails_helper'
+
+RSpec.describe Token::ReleasePolicy do
+  let!(:user) { create(:confirmed_user, login: 'foo') }
+  let!(:project) { create(:project, maintainer: user) }
+  let!(:package) { create(:package, project: project) }
+  let!(:other_user) { build(:confirmed_user, login: 'bar') }
+  let!(:release_token) { create(:release_token, :with_package_from_association_or_param, user: user, package: package) }
+  let!(:other_user_release_token) { create(:release_token, :with_package_from_association_or_param, user: other_user) }
+
+  subject { described_class }
+
+  describe '#create' do
+    permissions :create? do
+      it { expect(subject).to permit(user, release_token) }
+      it { expect(subject).not_to permit(other_user, other_user_release_token) }
+    end
+  end
+end