Allow disabling LDAP password authentication to Git over HTTP(S)

Description

In my GitLab deployment I have unchecked the option for "Password authentication enabled for Git over HTTP(S)". However, I did not read the fine print that says: "When disabled, a Personal Access Token or LDAP password must be used to authenticate."

For me this defeats the purpose of the setting. All my users sign in via LDAP, but because they use their LDAP passwords for many other purposes, I would like to limit them from using them for Git authentication; and instead force them to use access tokens and no passwords whatsoever.

Proposal

1. Add support for disabling LDAP password auth when prevent_ldap_sign_in is enabled, behind a default-disabled feature flag.
2. Add instrumentation around instances prevent_ldap_sign_in setting when LDAP is enabled. If that number with prevent_ldap_sign_in enabled is low, then we can safely default-enable the feature flag and remove.