Frontend: Add instance setting to toggle enforcement of CI_JOB_TOKEN scope for all projects

Problem

With Add instance setting to toggle enforcement of C... (#440697 - closed) we introduced an instance setting to enforce CI Job Token Scope for all projects. However we still need to implement a frontend UI for administrators to toggle this setting.

Note: In %18.0 we will enable this setting by default. However, we want to give instance administrators the ability to disable (and re-enable) the enforcement if they need to.

This is a frontend issue representing a project-level setting. In Add instance setting to toggle enforcement of C... (#440697 - closed) we introduced the instance-level setting in the backend. However we need to adjust the UX for project-level setting when the job token scope is enforced at intance-level.

Proposal

• Add UI for admin settings to enabled/disable this setting. This setting should describe clearly the effect of enabling this setting, pointing also to the docs page.
• When instance settings are enabled, hide the radio options and save button in the UI for all licenses at the project level. The instance-level settings for self-managed and dedicated licenses will be mentioned in the documentation, accessible through the "Learn more" link in the allowlist description.
• See mockups in the Design Section

Context

!166952 (comment 2137397998)