
Add setting to Disable Resource Owner Password Credentials Grant without client credentials

Summary

Doorkeeper 5.5 disabled support for ROPC grants without client credentials by default.

We upgraded Doorkeeper for %13.9 in !52171 (merged) and kept this default, but this caused problems for some users who were relying on being able to authenticate with GitLab through ROPC grants without a registered OAuth application: #322598 (closed)

We previously clarified the client authentication requirement in the docs for %13.1 in !32878 (merged), but probably should have communicated this change more widely, or waited until %14.0 to remove support.

In !55873 (merged) we're re-enabling support for password grants without client credentials.

Improvements

We could disable this again by default for %14.0, but provide a setting in gitlab.rb to enable this for self-hosted users who need it.

Risks

Involved components

Optional: Intended side effects

Optional: Missing test coverage

Availability & Testing

Please run all end-to-end test jobs (package-and-qa)

Proposal

Add an application setting allowing the grant type to be disabled. We will roll this out as default enabled, allowing users to selectively disable it if they want. In 19.0 we will default this setting with the appropriate deprecation notice.
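As an added illustration of the proposed behaviour (not GitLab's or Doorkeeper's own code), a self-contained Ruby policy check for the token endpoint: a `password` grant that carries no client credentials is rejected with `invalid_client` unless the setting allows it. The module name and the `allow_ropc_without_client` flag are assumptions standing in for the proposed application setting.

```ruby
# Constructed example modelling the proposed setting. RopcPolicy and
# allow_ropc_without_client are assumed names, not GitLab/Doorkeeper code.
module RopcPolicy
  INVALID_CLIENT = 'invalid_client' # RFC 6749 §5.2 error for failed client auth

  # Extract client credentials from HTTP Basic auth (RFC 6749 §2.3.1) or,
  # failing that, from the form parameters. Returns [client_id, client_secret]
  # (secret may be nil for a public client) or nil when no client identified
  # itself. Verifying the credentials is left to the normal client check.
  def self.client_credentials(headers, params)
    auth = headers['Authorization'].to_s
    if auth.start_with?('Basic ')
      begin
        decoded = auth[6..].unpack1('m0') # strict base64, raises on garbage
      rescue ArgumentError
        decoded = nil
      end
      if decoded && decoded.include?(':')
        id, secret = decoded.split(':', 2)
        return [id, secret] unless id.empty?
      end
    end
    id = params['client_id'].to_s
    return [id, params['client_secret']] unless id.empty?
    nil
  end

  # Returns nil when the request may proceed to normal processing, or the
  # OAuth error code that should be returned instead. Only the password
  # (ROPC) grant is affected; other grant types are untouched.
  def self.check(headers:, params:, allow_ropc_without_client:)
    return nil unless params['grant_type'] == 'password'
    return nil if client_credentials(headers, params)
    allow_ropc_without_client ? nil : INVALID_CLIENT
  end
end
```

With the setting left at its proposed default (enabled), unauthenticated ROPC requests pass through as today; flipping it off turns them into `invalid_client` responses without touching the other grant types.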

Edited by Adil Farrukh