
Add REST API to update status of external requirement controls

This API endpoint is intended to be used by external control sources, so they can update the status of a control back to GitLab. They authenticate by signing the request with a shared token defined when setting up the requirement control.

  • Create service to update external control status

    • Only allow statuses [pass and fail] as defined in ENUM (pending should not be accepted from an external update)
    • Audit status stored on control
  • Ensure the request HMAC signature is valid and the timestamp is current (suggestion: set the timeout at ~15s to limit replay attacks)
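The signing and verification flow described above, as an added Ruby example (not GitLab's code). It assumes the shared token is the HMAC-SHA256 key, that the signature covers the timestamp and the raw request body joined by a newline, and that the timestamp and signature travel in two hypothetical headers, X-Gitlab-Timestamp and X-Gitlab-Signature. The verifier checks freshness first, compares the signature in constant time, and only then accepts the status, rejecting pending.

```ruby
require 'openssl'
require 'json'

# Added example, not GitLab's implementation. Header names, the signed-string
# layout ("<timestamp>\n<body>") and the JSON body shape are assumptions.
ALLOWED_STATUSES = %w[pass fail].freeze # pending is never accepted externally
MAX_SKEW_SECONDS = 15                   # the ~15s window suggested above

def sign_request(token, timestamp, body)
  OpenSSL::HMAC.hexdigest('SHA256', token, "#{timestamp}\n#{body}")
end

# External control source: build the body and the two signing headers.
def build_signed_request(token, status, now: Time.now.to_i)
  body = JSON.generate({ status: status })
  {
    headers: {
      'X-Gitlab-Timestamp' => now.to_s,
      'X-Gitlab-Signature' => sign_request(token, now, body)
    },
    body: body
  }
end

# Constant-time byte comparison; hexdigests have a fixed, public length,
# so the early length check leaks nothing useful.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# GitLab side: returns [true, status] or [false, reason].
def verify_status_update(token, headers, body, now: Time.now.to_i)
  timestamp = headers['X-Gitlab-Timestamp']
  signature = headers['X-Gitlab-Signature']
  return [false, 'missing timestamp or signature'] if timestamp.nil? || signature.nil?
  return [false, 'malformed timestamp'] unless timestamp.match?(/\A\d+\z/)

  # Freshness is checked before the signature: a stale request is rejected
  # even when it was signed with the correct token.
  return [false, 'stale timestamp'] if (now - timestamp.to_i).abs > MAX_SKEW_SECONDS

  expected = sign_request(token, timestamp, body)
  return [false, 'invalid signature'] unless secure_equal?(signature, expected)

  # Only now is the body trusted enough to parse and act on.
  status = JSON.parse(body)['status']
  return [false, 'status not allowed'] unless ALLOWED_STATUSES.include?(status)

  [true, status]
rescue JSON::ParserError
  [false, 'malformed body']
end

if __FILE__ == $PROGRAM_NAME
  token = 'shared-secret-token' # constructed sample token
  req = build_signed_request(token, 'pass')
  p verify_status_update(token, req[:headers], req[:body])
end
```

Because the signature covers the timestamp, an attacker who captures a request cannot move it to a later time, and the 15s window bounds how long a capture stays useful. A replay inside that window still verifies, so if two identical updates within 15s are a concern the server additionally needs to remember recently seen signatures for the length of the window.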

ADR: gitlab-com/content-sites/handbook!10822 (merged)

Edited by Dakota Dux