Auto-ban spammers when reported by a GitLab employee

What does this MR do and why?

Describe in detail what your merge request does and why.

The MR adds a background job that runs when abuse reports are created. If an unpaid user is reported as a spammer by a GitLab employee the user will be automatically banned.

Related issues:

• https://gitlab.com/gitlab-org/modelops/anti-abuse/team-tasks/-/issues/361
• https://gitlab.com/gitlab-com/gl-security/security-operations/trust-and-safety/tines-stories/-/issues/9

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

1. Ensure GDK is running with the environment variable GITLAB_SIMULATE_SAAS=true exported in the environment.

2. As a regular create the gitlab-com group at the top level.

3. Tail the relevant sidekiq logs tail -f /path/to/GDK/gitlab/log/sidekiq.log | grep NewAbuseReportWorker

4. As the same user who created the gitlab-com group (or a regular user you added to that group) report abuse for another user (i.e. http://gdk.test:3000/cody_fay0). The user should be reported for creating spam.

   

5. After submitting the report you should see the job queued and completed in the sidekiq logs.

6. Verify that the user is banned in the admin UI.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

• I have evaluated the MR acceptance checklist for this MR.