
Add user access functionality for KAS

Hordur Freyr Yngvason requested to merge add-kas-user-authorization-ff into master

What does this MR do and why?

Implements #381561 (closed) and #381566 (closed). Implements, behind a feature flag:

  • authorize_proxy_user API endpoint that looks up a user by session ID and returns the metadata for KAS
  • Setting the KAS cookie. Currently at the end of every request. Should limit it to relevant controllers.

The agent MR is here: gitlab-org/cluster-integration/gitlab-agent!841 (merged)

Screenshots or screen recordings

image

How to set up and validate locally

You have to be familiar with KAS and agentk to set this up:

  1. Enable the feature flag
    Feature.enable(:kas_user_access)
  2. Set up your GitLab (GDK) with KAS and a working agentk from gitlab-org/cluster-integration/gitlab-agent!841 (merged)
  3. Register that agent in a project and enable the ff for that project, too:
    Feature.enable(:kas_user_access_project, Project.find(<project-id>))
  4. Browse to the agent overview page
  5. Open up the browser dev console and run something like this to query Kube API via KAS and agentk (make sure that the KAS address is correct for your setup):
    fetch('https://kas.gdk.test:3443/-/k8s-proxy/api/v1/namespaces', {credentials: 'include', headers: {'X-Csrf-TOKEN': document.head.querySelector('meta[name="csrf-token"]').content, 'GitLab-Agent-Id': '1'}}).then((response) => response.json()).then((data) => console.log(data));
  6. Verify that the response is a NamespaceList Kube API response

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Timo Furrer
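
Steps 5 and 6 of the local validation above, written as a reusable check. This is an added example, not code from this merge request or from GitLab. The function names are hypothetical, and the https and numeric agent ID checks are assumptions of this example; the response shapes are the standard Kubernetes NamespaceList and Status objects.

```javascript
// Added example: helper names are hypothetical, not GitLab or KAS code.

// Step 5: build the proxied Kube API request. The caller supplies the KAS
// address, the agent ID and the CSRF token read from the page's meta tag.
function buildProxyRequest(kasBase, agentId, csrfToken) {
  const base = new URL(kasBase);
  // Assumption: refuse cleartext so the KAS cookie is never sent over http.
  if (base.protocol !== 'https:') throw new Error('KAS address must use https');
  // Assumption: agent IDs are numeric, as in the '1' used on this page.
  if (!/^\d+$/.test(String(agentId))) throw new Error('agent id must be numeric');
  if (!csrfToken) throw new Error('missing CSRF token');
  return {
    url: new URL('/-/k8s-proxy/api/v1/namespaces', base).href,
    options: {
      credentials: 'include', // send the KAS cookie set by GitLab
      headers: { 'X-Csrf-TOKEN': csrfToken, 'GitLab-Agent-Id': String(agentId) },
    },
  };
}

// Step 6: accept only a 2xx response whose body is a NamespaceList.
function classifyKubeResponse(status, bodyText) {
  let body;
  try {
    body = JSON.parse(bodyText);
  } catch (e) {
    return { ok: false, reason: `HTTP ${status}, body is not JSON` };
  }
  if (status < 200 || status > 299) {
    const msg = body && body.kind === 'Status' ? body.message : 'no Kubernetes Status body';
    return { ok: false, reason: `HTTP ${status}: ${msg}` };
  }
  if (!body || body.kind !== 'NamespaceList' || !Array.isArray(body.items)) {
    return { ok: false, reason: `unexpected kind: ${body && body.kind}` };
  }
  return { ok: true, namespaces: body.items.map((ns) => ns.metadata && ns.metadata.name) };
}

// Dev console usage, from the agent overview page:
//   const t = document.head.querySelector('meta[name="csrf-token"]').content;
//   checkKasProxy('https://kas.gdk.test:3443', 1, t).then(console.log);
async function checkKasProxy(kasBase, agentId, csrfToken, fetchImpl = globalThis.fetch) {
  const { url, options } = buildProxyRequest(kasBase, agentId, csrfToken);
  const response = await fetchImpl(url, options);
  return classifyKubeResponse(response.status, await response.text());
}
```

Running the same check with the feature flag disabled, or from a session without access to the project, should return `ok: false`, which confirms the authorization path as well as the success path.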
