Ban user that uses a previously banned phone number

What does this MR do and why?

Screenshots or screen recordings

Before After (self-managed) After (SaaS)
related-to-banned-user-before self-managed-after saas-after

How to set up and validate locally

  1. Enable the feature flags identity_verification and identity_verification_phone_number.

         Feature.enable(:identity_verification)
         Feature.enable(:identity_verification_phone_number)

  2. Create a phone verification record in the database for an already existing user, and then ban that user.

         banned_user = User.last
         Users::PhoneNumberValidation.create(user: banned_user, country: 'AU', phone_number: '400000000', international_dial_code: 61)
         banned_user.ban!

  3. Register as a new user from /users/sign_up. You should see a page to verify your email address.

  4. Mark the user as medium-risk so the user is asked to complete phone verification.

         UserCustomAttribute.create(key: 'arkose_risk_band', value: 'MEDIUM', user: User.last)

  5. Then, refresh the page. You should see a section asking you to verify your phone number. Enter the same phone number from step 1 (remember to select the same country as well) and verify that the user is banned.

  6. Different error messages are shown when a user is on a self-managed instance vs SaaS. To test this, unban the user, simulate SaaS and repeat step 4.

         $ export GITLAB_SIMULATE_SAAS=1
         $ gdk restart

         $ bundle exec rails c
         User.last.unban

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Hinam Mehra
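
The rule that the validation steps above exercise, as a plain-Ruby sketch added here for illustration; it is not the MR's or GitLab's code. The class names, the in-memory records, the digit normalization and the placeholder messages are all assumptions.

```ruby
# Added illustration: plain Ruby, no Rails. All names, the in-memory store and
# the message strings are constructed for this sketch, not taken from GitLab.
Account = Struct.new(:name, :banned)
PhoneRecord = Struct.new(:account, :country, :dial_code, :number)

class PhoneVerificationSketch
  # Placeholder messages; the page only says self-managed and SaaS differ.
  MESSAGES = {
    self_managed: 'PLACEHOLDER: self-managed banned-number message',
    saas: 'PLACEHOLDER: SaaS banned-number message'
  }.freeze

  def initialize(records, saas: false)
    @records = records
    @saas = saas
  end

  # Assumption: compare on dial code plus digits only, so spacing or
  # punctuation in the submitted number cannot sidestep the match.
  def self.key(dial_code, number)
    [dial_code.to_i, number.to_s.gsub(/\D/, '')]
  end

  def verify(account, country:, dial_code:, number:)
    wanted = self.class.key(dial_code, number)
    reused = @records.any? do |r|
      r.account.banned && !r.account.equal?(account) &&
        self.class.key(r.dial_code, r.number) == wanted
    end
    if reused
      account.banned = true # the new account is banned as well
      { status: :banned, message: MESSAGES[@saas ? :saas : :self_managed] }
    else
      @records << PhoneRecord.new(account, country, dial_code, number)
      { status: :verified }
    end
  end
end

# Constructed sample data mirroring the validation steps: one banned account
# with an AU number, then two sign-ups that submit the same digits.
def demo(saas:)
  banned = Account.new('banned_user', true)
  svc = PhoneVerificationSketch.new([PhoneRecord.new(banned, 'AU', 61, '400000000')], saas: saas)
  newcomer = Account.new('new_user', false)
  other = Account.new('other_user', false)
  [svc.verify(newcomer, country: 'AU', dial_code: 61, number: '400 000 000'),
   svc.verify(other, country: 'NZ', dial_code: 64, number: '400000000'),
   newcomer.banned, other.banned]
end
```

The second sign-up uses the same digits under a different dial code and is not matched, which is why the steps say to select the same country.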