Ban use of `current_application_settings` when reading settings

Problem

We use Gitlab::CurrentSettings.current_application_settings everywhere in the codebase. This is bad because it returns an ActiveRecord object that can be modified. We should ban the use of Gitlab::CurrentSettings.current_application_settings and ApplicationSetting.current* methods and instead read the attribute directly, relying on method_missing implementation.

Proposal

1. Introduce a Rubocop Cop that flags any use of Gitlab::CurrentSettings.current_application_settings and ApplicationSetting.current* methods
2. Remove all code paths that are not admin workflows where we return ApplicationSetting record, so that we don't leak it anywhere. At the very minimum the AR object returned should be set as readonly!.