Allow setting 'write to authorized_keys' on first boot

Description

Similar to the open issue for backporting this feature to CE: https://gitlab.com/gitlab-org/gitlab-ee/issues/3953, it would simplify our workflow on the gcp migration and cloud native charts if we were able to configure the system to not write to authorized_keys during the first boot.

Proposal

Introduce a setting in gitlab.yml or an ENV variable that impacts the 'default' for this flag. In addition, a raketask to allow allow toggling it in the database would probably be helpful for the GEO setup instructions.