Use Redis-ACLs to restrict access to certain commands from Rails application
Since Redis 6, which we are on for GitLab.com, Redis has an Access Control List: https://redis.io/docs/manual/security/acl/
The application is currently using the default user, the Redis `default`. With Redis' ACL rules we could restrict the default user's access to certain commands to prevent situations like we saw in #371098 (closed), where a security researcher was able to force a failover of redis-cache. To prevent situations like this in the future we could prevent the default user from executing commands tagged @admin, @connection, @dangerous and others.
To do this, we'll need to make sure that we create appropriate rules for the default user that the application uses.
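As an added illustration of that split (not configuration from this issue or from GitLab itself), an ACL file that keeps the application on `default` with the @admin, @dangerous and @connection categories removed, then re-adds the handful of connection commands a client library needs to connect at all (AUTH, HELLO, PING, SELECT, CLIENT SETNAME), and defines a separate `gitlab-admin` user for console use; the `gitlab-admin` name and the `CHANGE_ME` passwords are placeholders, and the `&*` channel rule assumes Redis 6.2 or later:

```conf
user default on >CHANGE_ME_APP ~* &* +@all -@admin -@dangerous -@connection +auth +hello +ping +select +client|setname
user gitlab-admin on >CHANGE_ME_ADMIN ~* &* +@all
```

Rules apply left to right, so the per-command `+` entries after `-@connection` are what keep the application able to authenticate; @dangerous also covers INFO and KEYS, which some clients call, so check `ACL LOG` and `ACL CAT dangerous` on a non-production node before enforcing and re-add individual commands the same way. The file is loaded with the `aclfile` directive in redis.conf followed by `ACL LOAD`.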
Questions to answer:
- How do we provide a user that does have access to the commands `default` does not have access to? These commands would be needed for administrators logging in to consoles.
- Does this administrator user need to be created for self-managed installations?
- Do we need to provide a way to configure ACLs for self-managed installations through GitLab Omnibus or the charts?