Previously if a POST request were made with an `application/json`
Content-Type but the body was not JSON, the middleware that checks for
malformed parameters would encounter
`ActionDispatch::Http::Parameters::ParseError` when it attempted to
access `request.parameters`. This error would be caught by the Puma
low-level handler and cause a 500 error to be returned.

Instead of a 500 error, we now catch this exception and treat it as a
malformed string. This results in a 400 Bad Request, which is a more
appropriate response.

Relates to https://gitlab.com/gitlab-org/gitlab/-/issues/427210

Changelog: fixed