Workhorse: allow disabling non-TLS listener

With !81400 (merged), we've introduced TLS support for Workhorse, and in https://gitlab.com/gitlab-org/gitlab/blob/c6649670770bf6c5b6f97de6d4a4ffdf91991241/workhorse/main.go#L247 we're always creating a listener from the -listenAddr -listenNetwork flags passed to Workhorse (defaulting to localhost:8181, tcp respectively) which means we'll always have a localhost:8181 TCP listener even if not passed.

We should make it possible to disable the non-TLS listener if desired (and maybe still keep the default listener to :8181 or verify that this doesn't break liveness/readiness checks if it's changed)