Optional enforcement of SSH key expiration

The SSH key expiration introduced in #36243 (closed) is never enforced, implying the key is always active even after the expiration.

Similar to Optional PAT enforcement, this issue aims to allow an administrator to configure whether key expiration should be enforced or not.

To be in line with current implementation, the default behavior can be to not enforce the expiry.

This might especially be useful for organizations that prefer a hard enforcement for token rotations.

Add a checkbox in the Admin Dashboard (Settings -> General -> Account and limit)

When enabled, the keys will become un-usable after expiration.

Add migration to create a new column enforce_ssh_key_expiration in application_settings
Changes to ee/app/helpers/ee/application_settings_helper.rb to include the above column to the list of visible attributes
When SSH key expiration is enforced:
- Return forbidden error when key has expired

Note: The optional PAT expiration MR can be handly for implementing most of the changes.

Add documentation to Account and Limit Settings page.

Edited Nov 17, 2020 by Dan Jensen