Org Read-Only Mode: implement read_only_initialization → read_only states on Organizations::Stateful

Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.

• Label this issue

Part of &20404 (Implement Organizations Read-Only Mode). Design: ADR 010.

Fresh implementation MR on top of merged !230909 (merged) (Organizations::Stateful + shared Stateful:: concerns):

• New states: read_only_initialization and read_only, with transitions active → read_only_initialization → read_only and the abort/recovery paths back to active
• reason metadata recorded for audit (migration, isolation, incident, billing, legal); not surfaced to end users
• Transition guards: default Organization excluded; no entry from deletion_* or pre-confirmation states
• Reuse existing after_transition :log_transition audit hook and TransitionValidation
• Port controller / Grape / GraphQL / Gitlab::GitAccess enforcement code from POC !228743 (closed) (reference only — the POC MR will not be merged)