We need to manage some subtle caching edge cases. These are dealt with
by:

- Allowing clients to request a non-forgetful store
- Abstracting over throttling of actions per-period. A new method is
  introduced: `ExclusiveLease.throttle` that takes care of such needs.
- Allow specific keys to be forgotten after running policies
- Invalidating the `CurrentUserMode` cache for `admin_mode` if the
  session-bypass is active (which may change the value).

This deals with a very subtle cache collision problem. When this block
is run, it calls the users update-service, which computes, during
permission checks, the `admin` condition for this user. This is normally
fine, but this callback is executed _before_ the bypass-session admin ID
is set, which means that the cached value is stale during the execution
of the main action.

To avoid this, we deliberately discard the cached value of the `admin`
condition, leaving all other cache values intact.

Thankfully, `admin` is a cheap condition to recompute, and this does not
cause any additional I/O to be run.

Separately, the `Gitlab::Auth::CurrentUserMode` caches the value of
`admin_mode`, which may become invalidated due to the session-bypass
used for sessionless requests. We invalidate the cache when the
session-bypass setting is changed.
This invalidates the cached value for admin_mode, rather than requiring
the caller to know when to force recomputation.

A necessary change is made to prevent duplicate user-detail records.
See: #333245

Changelog: fixed