
Introduce a FedRAMP-hardened mode separate from FIPS


!97299 (merged) disabled personal access tokens (PATs) whenever Gitlab::FIPS.enabled? is called, but customers may be using FIPS kernels and do NOT want to disable this functionality outright.

Proposal:

  1. Avoid disabling features using Gitlab::FIPS.enabled? unless it relates to enforcing strong crypto. For example, MD5 is not available in OpenSSL FIPS, so it makes sense to disable functionality that needs MD5.
  2. Make it possible to disable PATs via an application setting.
  3. Introduce a secondary, hardened mode (Rake task?) which sets these application settings appropriately.

/cc: @hsutor, @dblessing
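The split the proposal describes, as an added example that is not GitLab's code: crypto restrictions (here, MD5) follow the FIPS state of the host, while a policy feature such as personal access tokens follows an application setting that a hardened mode flips but that an operator on a FIPS kernel can leave enabled. The class names `FipsState` and `HardenedSettings`, the `personal_access_tokens_enabled` setting, and the `/proc/sys/crypto/fips_enabled` probe are assumptions for illustration; only the `OpenSSL` calls are the real library API.

```ruby
require 'openssl'

# Added example, not GitLab code. Models the separation proposed in the issue:
# "is the host in FIPS mode?" answers only crypto questions, and policy
# features are driven by application settings.
class FipsState
  # Assumption: a FIPS kernel exposes /proc/sys/crypto/fips_enabled == "1".
  # Passing the state explicitly lets the example run without touching the host.
  def self.detect
    path = '/proc/sys/crypto/fips_enabled'
    return new(File.read(path).strip == '1') if File.exist?(path)

    new(OpenSSL.respond_to?(:fips_mode) && OpenSSL.fips_mode)
  end

  def initialize(enabled)
    @enabled = enabled
  end

  def enabled?
    @enabled
  end
end

class HardenedSettings
  # Assumed application setting; defaults to PATs being allowed.
  DEFAULTS = { personal_access_tokens_enabled: true }.freeze

  attr_reader :settings

  def initialize(fips, settings = {})
    @fips = fips
    @settings = DEFAULTS.merge(settings)
  end

  # Crypto gating: MD5 is not available under OpenSSL FIPS, so anything that
  # needs it is disabled whenever FIPS is on, whatever the policy settings say.
  def md5_available?
    !@fips.enabled?
  end

  # Hash helper that refuses MD5 under FIPS before OpenSSL itself errors out,
  # and lets SHA-256 through in either mode.
  def digest(algorithm, data)
    if algorithm.casecmp('MD5').zero? && !md5_available?
      raise ArgumentError, 'MD5 is unavailable in FIPS mode'
    end

    OpenSSL::Digest.new(algorithm).hexdigest(data)
  end

  # Policy gating: PATs follow the application setting only. A FIPS kernel on
  # its own no longer turns them off.
  def personal_access_tokens_allowed?
    @settings[:personal_access_tokens_enabled]
  end

  # The "secondary hardened mode" of the proposal: the single entry point a
  # Rake task would call to set the policy settings to their hardened values.
  def apply_hardened_mode!
    @settings = @settings.merge(personal_access_tokens_enabled: false)
    self
  end
end

if $PROGRAM_NAME == __FILE__
  s = HardenedSettings.new(FipsState.detect)
  puts "FIPS host, PATs allowed: #{s.personal_access_tokens_allowed?}"
  puts "after hardened mode:      #{s.apply_hardened_mode!.personal_access_tokens_allowed?}"
end
```

On a FIPS host `md5_available?` is false and `digest('MD5', ...)` raises, but `personal_access_tokens_allowed?` stays true until `apply_hardened_mode!` runs, which is the behaviour the proposal asks for in place of the unconditional disable.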
