
User domain whitelist and blacklist can be DoS

See https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS

https://gitlab.com/gitlab-org/gitlab/-/blob/0ddf601abbdc3ee7deea31e9c4f7e6abdcf7c1b6/app/models/user.rb#L1714-1748 is vulnerable to a DoS attack if the administrator accidentally enters a bad regex, e.g. ([a-zA-Z0-9]+)*\.com.

Steps to reproduce

  1. Administrator enters ([a-zA-Z0-9]+)*\.com as domain whitelist / blacklist
  2. User (attacker) attempts signup with aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa!.com
  3. ~~Puma web server hangs~~ No, it does not

Potential fix

We should consider switching to using re2 instead which is already available via Gitlab::UntrustedRegexp.
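The reproduction steps above and the proposed fix, as an added Ruby example that is not GitLab's code and does not touch the `User` model: a naive domain check in the shape the report describes, the attacker input parameterised by length, a save-time lint that flags the nested-quantifier shape of the reported pattern, and a request-path check that fails closed on a time budget. The patterns, email addresses and helper names (`domain_allowed_naive?`, `redos_input`, `nested_quantifier?`, `domain_allowed_bounded?`) are constructed for this example. The bounded check uses `Timeout` as a stand-in for the RE2 backend `Gitlab::UntrustedRegexp` provides, so the example runs without the `re2` gem.

```ruby
require 'timeout'

# Constructed patterns: the first is the entry from the report, the second a
# plain entry of the kind an admin normally writes. Neither is GitLab code.
VULNERABLE_PATTERN = '([a-zA-Z0-9]+)*\.com'
SAFE_PATTERN       = '[a-z0-9-]+\.example\.com'

# Naive check in the shape the report describes: the admin-supplied entry is
# compiled as an Onigmo regex and run against the sign-up address's domain.
# Anchoring avoids accidental substring matches; it does not remove the
# backtracking problem.
def domain_allowed_naive?(email, patterns)
  domain = email.split('@', 2).last.to_s
  patterns.any? { |p| Regexp.new("\\A#{p}\\z").match?(domain) }
end

# Attacker input from the report, parameterised by length: n letters that
# the nested group can split 2**n ways, then '!' so no split can ever match.
def redos_input(n)
  "user@#{'a' * n}!.com"
end

# Lint for entries at save time. Flags a quantified group whose body is
# itself quantified, the shape behind exponential backtracking. It is a
# heuristic, not a proof of safety; it catches the report's pattern.
NESTED_QUANTIFIER = /\([^()]*[+*][^()]*\)[+*{]/

def nested_quantifier?(pattern)
  NESTED_QUANTIFIER.match?(pattern)
end

# Bounded version for the request path: a match that runs past the budget
# fails closed instead of holding the Puma worker. Invalid entries also
# fail closed rather than raising into the controller.
def domain_allowed_bounded?(email, patterns, seconds: 0.5)
  Timeout.timeout(seconds) { domain_allowed_naive?(email, patterns) }
rescue Timeout::Error, RegexpError
  false
end

if __FILE__ == $PROGRAM_NAME
  puts "lint flags report pattern: #{nested_quantifier?(VULNERABLE_PATTERN)}"
  puts "safe entry accepted: #{domain_allowed_bounded?('alice@dev.example.com', [SAFE_PATTERN])}"
  # Small n so the demo finishes quickly; raise it to watch the naive check stall.
  puts "n=12 under budget: #{domain_allowed_bounded?(redos_input(12), [VULNERABLE_PATTERN])}"
end
```

The lint belongs in the admin settings validation, where a rejected entry costs nothing; the time budget is a backstop for the sign-up path. RE2 is the cleaner fix because it guarantees linear-time matching for any pattern it compiles, so neither the lint nor the budget is needed once `Gitlab::UntrustedRegexp` is used. Two caveats when reproducing: Ruby 3.2 and later add a memoisation-based optimisation that keeps many patterns of this shape linear, and `Regexp.timeout` (also 3.2+) gives a per-pattern budget without a thread-based `Timeout`.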

Edited by Thong Kuah